Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1431142
MD5: 19dbb47666f2eb1bb2889c42fc2fd3db
SHA1: 0eeeef0203c5e51e07f521ff4d8d29a422319316
SHA256: 09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24
Tags: exe
Infos:

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Snort IDS alert for network traffic
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Installs new ROOT certificates
Machine Learning detection for dropped file
PE file has nameless sections
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 1476 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 19DBB47666F2EB1BB2889C42FC2FD3DB)
    • cmd.exe (PID: 5652 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • work.exe (PID: 2104 cmdline: work.exe -priverdD MD5: DB5AF0B8F6E4BDB07B5BEC9FB8DE1B7F)
        • feswa.exe (PID: 4436 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe" MD5: 28CBE77F47C6E613C90CF1B449051BF2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "193.233.132.169:37732", "Bot Id": "bild1", "Authorization Header": "52699d232d68638c0ff53b39a3eb95b2"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Process Memory Space: feswa.exe PID: 4436 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: feswa.exe PID: 4436 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
5.2.feswa.exe.270000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

No Sigma rule has matched

Timestamp: 04/24/24-16:26:08.440040
SID: 2046056
Source Port: 37732
Destination Port: 49705
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 04/24/24-16:26:02.674030
SID: 2046045
Source Port: 49705
Destination Port: 37732
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 04/24/24-16:26:20.152456
SID: 2043231
Source Port: 49705
Destination Port: 37732
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 04/24/24-16:26:03.022278
SID: 2043234
Source Port: 37732
Destination Port: 49705
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Avira: detection malicious, Label: HEUR/AGEN.1311913
Source: 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: RedLine {"C2 url": "193.233.132.169:37732", "Bot Id": "bild1", "Authorization Header": "52699d232d68638c0ff53b39a3eb95b2"}
Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Unpacked PE file: 5.2.feswa.exe.270000.0.unpack
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: file.exe, work.exe.0.dr
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0037BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0037BA94
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0038D420
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039C508 FindFirstFileExA,0_2_0039C508
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: 4_2_00ABBA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,4_2_00ABBA94
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: 4_2_00ACD420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,4_2_00ACD420
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: 4_2_00ADC508 FindFirstFileExA,4_2_00ADC508

Networking

Source: Traffic Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.5:49705 -> 193.233.132.169:37732
Source: Traffic Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49705 -> 193.233.132.169:37732
Source: Traffic Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.132.169:37732 -> 192.168.2.5:49705
Source: Traffic Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 193.233.132.169:37732 -> 192.168.2.5:49705
Source: Malware configuration extractor URLs: 193.233.132.169:37732
Source: global traffic TCP traffic: 192.168.2.5:49705 -> 193.233.132.169:37732
Source: Joe Sandbox View ASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.169
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000004539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000004539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000004539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                  Source: feswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                  Source: feswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.enigmaprotector.com/
                  Source: feswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.enigmaprotector.com/openU
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: feswa.exe, feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmpString found in binary or memory: https://api.ip.sb/ip
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe File created: C:\Users\user\AppData\Local\Temp\Tmp46EF.tmp
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe File created: C:\Users\user\AppData\Local\Temp\Tmp4700.tmp

                  System Summary

                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00377AAF: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00377AAF
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003792C60_2_003792C6
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003850110_2_00385011
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003882530_2_00388253
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003962A80_2_003962A8
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003852820_2_00385282
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003802F70_2_003802F7
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003813FD0_2_003813FD
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038742E0_2_0038742E
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003964D70_2_003964D7
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003855B00_2_003855B0
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039E6000_2_0039E600
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003807A70_2_003807A7
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037D8330_2_0037D833
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003888AF0_2_003888AF
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037395A0_2_0037395A
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039EAAE0_2_0039EAAE
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00374A8E0_2_00374A8E
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A2BB40_2_003A2BB4
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037FCCC0_2_0037FCCC
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00387DDC0_2_00387DDC
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00372EB60_2_00372EB6
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AB92C64_2_00AB92C6
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC50114_2_00AC5011
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD62A84_2_00AD62A8
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC52824_2_00AC5282
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC02F74_2_00AC02F7
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC82534_2_00AC8253
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC13FD4_2_00AC13FD
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD64D74_2_00AD64D7
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC742E4_2_00AC742E
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC55B04_2_00AC55B0
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00ADE6004_2_00ADE600
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC07A74_2_00AC07A7
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AC88AF4_2_00AC88AF
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00ABD8334_2_00ABD833
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AB395A4_2_00AB395A
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00ADEAAE4_2_00ADEAAE
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AB4A8E4_2_00AB4A8E
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 0038FEFC appears 42 times
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 003907A0 appears 31 times
                  Source: C:\Users\user\Desktop\file.exe Code function: String function: 0038FFD0 appears 56 times
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: String function: 002E4264 appears 56 times
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: String function: 00ACFFD0 appears 56 times
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: String function: 00ACFEFC appears 42 times
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: String function: 00AD07A0 appears 31 times
                  Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: feswa.exe.4.dr Static PE information: Section: ZLIB complexity 0.9904955486918605
                  Source: feswa.exe.4.dr Static PE information: Section: .data ZLIB complexity 0.9967882183710033
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/8@0/1
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00377727 GetLastError,FormatMessageW,0_2_00377727
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038B6D2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_0038B6D2
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Mutant created: NULL
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:120:WilError_03
                  Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0
                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                  Source: C:\Users\user\Desktop\file.exe Command line argument: sfxname 0_2_0038F05C
                  Source: C:\Users\user\Desktop\file.exe Command line argument: sfxstime 0_2_0038F05C
                  Source: C:\Users\user\Desktop\file.exe Command line argument: p0; 0_2_0038F05C
                  Source: C:\Users\user\Desktop\file.exe Command line argument: STARTDLG 0_2_0038F05C
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Command line argument: sfxname 4_2_00ACF05C
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Command line argument: sfxstime 4_2_00ACF05C
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Command line argument: STARTDLG 4_2_00ACF05C
                  Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                  Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\win.ini
                  Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: feswa.exe, 00000005.00000002.2253491044.00000000056A5000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005676000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000056D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
                  Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe work.exe -priverdD
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe "C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe"
                  Source: C:\Users\user\Desktop\file.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: dxgidebug.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: dwmapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: riched20.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: usp10.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: msls31.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: textinputframework.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: coreuicomponents.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: windows.fileexplorer.common.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: ntshrui.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: cscapi.dll
                  Source: C:\Users\user\Desktop\file.exe Section loaded: linkinfo.dll
                  Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
                  Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: dxgidebug.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: sfc_os.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: dwmapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: riched20.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: usp10.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: msls31.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: windowscodecs.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: textshaping.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: textinputframework.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: coreuicomponents.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: coremessaging.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: edputil.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: appresolver.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: bcp47langs.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: slc.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: sppc.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: pcacli.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: windows.fileexplorer.common.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: ntshrui.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: cscapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: linkinfo.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: shfolder.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: msvcp140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: msisip.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: wshext.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: appxsip.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: opcservices.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: esdsip.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: sxs.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: scrrun.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: linkinfo.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: secur32.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: wbemcomn.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: windowscodecs.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: rstrtmgr.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                  Source: Google Chrome.lnk.5.dr LNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome.exe
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: file.exe Static file information: File size 1978181 > 1048576
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: file.exe, work.exe.0.dr
                  Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Unpacked PE file: 5.2.feswa.exe.270000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;.rsrc:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;.rsrc:ER;Unknown_Section4:ER;.data:ER;
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Unpacked PE file: 5.2.feswa.exe.270000.0.unpack
                  Source: feswa.exe.4.dr Static PE information: 0xFFABA98E [Sat Dec 5 07:09:02 2105 UTC]
                  Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_6438890
                  Source: file.exe Static PE information: section name: .didat
                  Source: work.exe.0.dr Static PE information: section name: .didat
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: feswa.exe.4.dr Static PE information: section name:
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003907F0 push ecx; ret 0_2_00390803
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038FEFC push eax; ret 0_2_0038FF1A
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: 4_2_00AD07F0 push ecx; ret 4_2_00AD0803
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe Code function: 4_2_00ACFEFC push eax; ret 4_2_00ACFF1A
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002776A8 push es; retn 0000h 5_2_00277696
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002776A8 push es; ret 5_2_002776A5
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_00277586 push es; retn 0000h 5_2_00277696
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_00277715 push es; retf 0000h 5_2_00277702
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_00277715 push es; retf 5_2_00277712
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_00277699 push es; retn 0000h 5_2_00277696
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_00277699 push es; ret 5_2_002776A5
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002FC104 push ecx; mov dword ptr [esp], edx 5_2_002FC109
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F028C push 002F06D8h; ret 5_2_002F06D0
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002FC32C push ecx; mov dword ptr [esp], edx 5_2_002FC331
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F93A0 push 002F9400h; ret 5_2_002F93F8
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002E83EA push 002E8418h; ret 5_2_002E8410
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002E8424 push 002E8450h; ret 5_2_002E8448
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002FC448 push ecx; mov dword ptr [esp], edx 5_2_002FC44D
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002E845C push 002E8488h; ret 5_2_002E8480
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F9456 push 002F95A4h; ret 5_2_002F959C
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002FA454 push 002FA4A1h; ret 5_2_002FA499
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002FC48C push ecx; mov dword ptr [esp], edx 5_2_002FC491
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002E8494 push 002E84C0h; ret 5_2_002E84B8
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002E84F8 push 002E852Ch; ret 5_2_002E8524
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F8536 push 002F85B5h; ret 5_2_002F85AD
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002E65F0 push 002E6641h; ret 5_2_002E6639
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F762C push 002F76A2h; ret 5_2_002F769A
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F76A4 push 002F774Ch; ret 5_2_002F7744
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F9684 push ecx; mov dword ptr [esp], ecx 5_2_002F9687
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F06DA push 002F074Bh; ret 5_2_002F0743
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe Code function: 5_2_002F774E push 002F779Ch; ret 5_2_002F7794
                  Source: feswa.exe.4.dr Static PE information: section name: entropy: 7.986009075250157
                  Source: feswa.exe.4.dr Static PE information: section name: .data entropy: 7.982938823372487

                  Persistence and Installation Behavior

                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
                  Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeMemory allocated: 3270000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeMemory allocated: 3CE0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeMemory allocated: 3B30000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeCode function: 5_2_002ECE52 sldt word ptr [eax]5_2_002ECE52
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWindow / User API: threadDelayed 569
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWindow / User API: threadDelayed 549
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWindow / User API: threadDelayed 2197
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-25593
                  Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-25448
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe TID: 4028Thread sleep time: -10145709240540247s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe TID: 2824Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeFile Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0037BA94
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0038D420
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039C508 FindFirstFileExA,0_2_0039C508
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00ABBA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,4_2_00ABBA94
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00ACD420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,4_2_00ACD420
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00ADC508 FindFirstFileExA,4_2_00ADC508
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038F82F VirtualQuery,GetSystemInfo,0_2_0038F82F
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: &VBoxService.exe
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: file.exe, 00000000.00000003.2031317947.0000000003295000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655LRcq
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: work.exe, 00000004.00000003.2276634818.0000000003300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\j
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: feswa.exe, 00000005.00000002.2266826926.0000000007012000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: feswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: VBoxService.exe
                  Source: work.exe, 00000004.00000003.2276634818.0000000003300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: feswa.exe, feswa.exe, 00000005.00000002.2240826384.0000000000426000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: ~VirtualMachineTypes
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: feswa.exe, feswa.exe, 00000005.00000002.2240826384.0000000000426000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: ]DLL_Loader_VirtualMachine
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000041AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: VMWare
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2240826384.0000000000426000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: feswa.exe, 00000005.00000002.2253491044.0000000005782000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: feswa.exe, 00000005.00000002.2244021495.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-24617
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeAPI call chain: ExitProcess graph end nodegraph_4-24714
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeProcess information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00390A0A
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003991B0 mov eax, dword ptr fs:[00000030h]0_2_003991B0
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD91B0 mov eax, dword ptr fs:[00000030h]4_2_00AD91B0
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039D1F0 GetProcessHeap,0_2_0039D1F0
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00390A0A
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390B9D SetUnhandledExceptionFilter,0_2_00390B9D
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00390D8A
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00394FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00394FEF
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD0A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00AD0A0A
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD0B9D SetUnhandledExceptionFilter,4_2_00AD0B9D
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD0D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00AD0D8A
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: 4_2_00AD4FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00AD4FEF
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "Jump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe work.exe -priverdDJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe "C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038BEFF SetEntriesInAclW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateDirectoryW,LocalFree,0_2_0038BEFF
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00390826 cpuid 0_2_00390826
                  Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_0038C093
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exeCode function: GetLocaleInfoW,GetNumberFormatW,4_2_00ACC093
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038F05C GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0038F05C
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037C365 GetVersionExW,0_2_0037C365
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  Source: Yara match; File source: dump.pcap, type: PCAP
                  Source: Yara match; File source: 5.2.feswa.exe.270000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: feswa.exe PID: 4436, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\atomic\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Binance\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                  Source: Yara match; File source: 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: feswa.exe PID: 4436, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match; File source: dump.pcap, type: PCAP
                  Source: Yara match; File source: 5.2.feswa.exe.270000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: feswa.exe PID: 4436, type: MEMORYSTR
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | 1 Scripting | Valid Accounts | 221 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 23 Software Packing | LSA Secrets | 341 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 351 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 351 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                  Behavior Graph (ID: 1431142, Sample: file.exe, Startdate: 24/04/2024, Architecture: WINDOWS, Score: 100)
                  Sample signatures: Snort IDS alert for network traffic; Found malware configuration; Yara detected RedLine Stealer; 2 other signatures
                  file.exe: dropped C:\Users\user\AppData\Local\Temp\...\work.exe (PE32); started cmd.exe
                  cmd.exe: started work.exe and conhost.exe
                  work.exe: dropped C:\Users\user\AppData\Local\...\feswa.exe (PE32); started feswa.exe
                  feswa.exe: DNS/IP 193.233.132.169, 37732, 49705 (FREE-NET-ASFREEnetEU, Russian Federation)
                  feswa.exe signatures: Antivirus detection for dropped file; Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); 7 other signatures

                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe | 100% | Avira | HEUR/AGEN.1311913 |
                  C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe | 100% | Joe Sandbox ML | |
                  No Antivirus matches
                  No Antivirus matches
                  No contacted domains info
                                                            high
                                                            http://tempuri.org/Entity/Id6Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://api.ip.sb/ipfeswa.exe, feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://schemas.xmlsoap.org/ws/2004/04/scfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://tempuri.org/Entity/Id1ResponseDfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://tempuri.org/Entity/Id9Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://tempuri.org/Entity/Id20feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://tempuri.org/Entity/Id21feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://tempuri.org/Entity/Id22feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id23feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://tempuri.org/Entity/Id24feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issuefeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://tempuri.org/Entity/Id24Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.ecosia.org/newtab/feswa.exe, 00000005.00000002.2253491044.0000000005385000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054BE000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000005611000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.0000000004D1B000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, feswa.exe, 00000005.00000002.2253491044.00000000050F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://tempuri.org/Entity/Id1Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedfeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegofeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://tempuri.org/Entity/Id21ResponseDfeswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingfeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuefeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trustfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://tempuri.org/Entity/Id10feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://tempuri.org/Entity/Id11feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://tempuri.org/Entity/Id10ResponseDfeswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://tempuri.org/Entity/Id12feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://tempuri.org/Entity/Id16Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsefeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id13feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id14feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id15feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.enigmaprotector.com/feswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id16feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/Noncefeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id17feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id18feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id5Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id19feswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsfeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id15ResponseDfeswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id10Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Renewfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id11ResponseDfeswa.exe, 00000005.00000002.2244021495.0000000004539000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id8Responsefeswa.exe, 00000005.00000002.2244021495.0000000003CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0feswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentityfeswa.exe, 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id17ResponseDfeswa.exe, 00000005.00000002.2244021495.0000000003DD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://www.enigmaprotector.com/openUfeswa.exe, 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
IP:193.233.132.169
Domain:unknown
Country:Russian Federation
ASN:2895
ASN Name:FREE-NET-ASFREEnetEU
Malicious:true
                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                        Analysis ID:1431142
                                                                                                                        Start date and time:2024-04-24 16:25:09 +02:00
                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                        Overall analysis duration:0h 6m 59s
                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                        Report type:full
                                                                                                                        Cookbook file name:default.jbs
                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                        Number of analysed new started processes analysed:8
                                                                                                                        Number of new started drivers analysed:0
                                                                                                                        Number of existing processes analysed:0
                                                                                                                        Number of existing drivers analysed:0
                                                                                                                        Number of injected processes analysed:0
                                                                                                                        Technologies:
                                                                                                                        • HCA enabled
                                                                                                                        • EGA enabled
                                                                                                                        • AMSI enabled
                                                                                                                        Analysis Mode:default
                                                                                                                        Analysis stop reason:Timeout
                                                                                                                        Sample name:file.exe
                                                                                                                        Detection:MAL
                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@9/8@0/1
                                                                                                                        EGA Information:
                                                                                                                        • Successful, ratio: 100%
                                                                                                                        HCA Information:
                                                                                                                        • Successful, ratio: 77%
                                                                                                                        • Number of executed functions: 343
                                                                                                                        • Number of non-executed functions: 165
                                                                                                                        Cookbook Comments:
                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                        • Stop behavior analysis, all processes terminated
                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                        • VT rate limit hit for: file.exe
Time | Type | Description
16:25:58 | API Interceptor | 1x Sleep call for process: file.exe modified
16:26:17 | API Interceptor | 16x Sleep call for process: feswa.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
193.233.132.169 | file.exe | malicious | PureLog Stealer, RedLine, zgRAT
 | file.exe | malicious | RisePro Stealer
 | file.exe | malicious | RisePro Stealer
 | fPOCbr2TgH.exe | malicious | RedLine
                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FREE-NET-ASFREEnetEU | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175
 | 957C4XK6Lt.exe | malicious | Phorpiex | 193.233.132.177
 | file.exe | malicious | RisePro Stealer | 193.233.132.47
 | file.exe | malicious | RisePro Stealer | 193.233.132.47
 | file.exe | malicious | RisePro Stealer | 147.45.47.93
 | file.exe | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 193.233.132.234
 | file.exe | malicious | Glupteba, Mars Stealer, PureLog Stealer, Vidar, zgRAT | 193.233.132.234
 | file.exe | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | 193.233.132.167
 | c3nBx2HQG2.exe | malicious | Glupteba, Mars Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar, zgRAT | 193.233.132.234
 | file.exe | malicious | PureLog Stealer, RedLine, zgRAT | 193.233.132.169
                                                                                                                                No context
                                                                                                                                No context
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:56 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2104
                                                                                                                                Entropy (8bit):3.4517191780503143
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:8Szl2dfTXdARYrnvPdAKRkdAGdAKRFdAKRE:8SzlO7
                                                                                                                                MD5:D1F019D7EA74EBED7ECA69B7C003ECED
                                                                                                                                SHA1:2F35A71B1ABA6463E4ADEC76872AF26281FFE217
                                                                                                                                SHA-256:99D15235782E2BFF2E67147EC6B752122376667FC4D2B4186849AD2B800154A8
                                                                                                                                SHA-512:BE8EAD3704CC3541BE8AA4B9E8BB66471CADA76146381C3CD37795A43BB74CA0564D67524D405B106CD13E9CE70EDE67C646F4F2671064FB8385A4ACBB3E44F4
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Preview:L..................F.@.. ......,......n.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):3274
                                                                                                                                Entropy (8bit):5.3318368586986695
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
                                                                                                                                MD5:0B2E58EF6402AD69025B36C36D16B67F
                                                                                                                                SHA1:5ECC642327EF5E6A54B7918A4BD7B46A512BF926
                                                                                                                                SHA-256:4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
                                                                                                                                SHA-512:1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
                                                                                                                                Malicious:false
                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):35
                                                                                                                                Entropy (8bit):4.286146588249911
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:mKDDFRK58FoXMMH:h08Foc2
                                                                                                                                MD5:FF59D999BEB970447667695CE3273F75
                                                                                                                                SHA1:316FA09F467BA90AC34A054DAF2E92E6E2854FF8
                                                                                                                                SHA-256:065D2B17AD499587DC9DE7EE9ECDA4938B45DA1DF388BC72E6627DFF220F64D2
                                                                                                                                SHA-512:D5AC72CB065A3CD3CB118A69A2F356314EEED24DCB4880751E1A3683895E66CEDC62607967E29F77A0C27ADF1C9FE0EFD86E804F693F0A63A5B51B0BF0056B5D
                                                                                                                                Malicious:false
                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                Preview:@echo off..start work.exe -priverdD
                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1643442
                                                                                                                                Entropy (8bit):7.897829922390777
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:cI1ayrqA8h2uJeRoWHDyct4BhbXjz1xfc24G:cLUqDh2uiSS4BlXnbk2j
                                                                                                                                MD5:DB5AF0B8F6E4BDB07B5BEC9FB8DE1B7F
                                                                                                                                SHA1:C13E24F41335E760A568F90866D12DB7A6E22C40
                                                                                                                                SHA-256:B7F10A2008A274BDFF2EBCB2D62988346111EB4C599A0C0AD8F7A663E5829A3F
                                                                                                                                SHA-512:C2A98EA04CEABAB081F518D1D7EC64926E84767E6A34D09E9AF407AAB6B1FB82C8B983C29DA2369646D6AF9DDDFA3EA893FE414615A67FF43A225FA32CD3CAA8
                                                                                                                                Malicious:true
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1315840
                                                                                                                                Entropy (8bit):7.772842588209776
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:9lXwHInb9sLY/OfaHNDYdk/qN5cymz4xyJEZ/tgB5+E91XEZifJCfPI6x:9ljnxOCtDok/q05CyJEBtC5pXEZiwfP7
                                                                                                                                MD5:28CBE77F47C6E613C90CF1B449051BF2
                                                                                                                                SHA1:F61C1774D50580F45FB5572F6692704450017422
                                                                                                                                SHA-256:EC44944DA55ED605AA11199B62FA6BA170155D4A67F263A75888C61B6648B813
                                                                                                                                SHA-512:A622DB347065565460C21B1B2ECA70B4E5A4EE2FF8C97B7F955A96ED17C3791B0D0495B175580FDDB661199F09524A1B6B75AAF5E2A2D33277F46CCA75D55F07
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2662
                                                                                                                                Entropy (8bit):7.8230547059446645
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                                MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                                SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                                SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                                SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                                Malicious:false
                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2662
                                                                                                                                Entropy (8bit):7.8230547059446645
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                                MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                                SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                                SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                                SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                                Malicious:false
                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2251
                                                                                                                                Entropy (8bit):0.0
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3::
                                                                                                                                MD5:0158FE9CEAD91D1B027B795984737614
                                                                                                                                SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                                                                                                SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                                                                                                SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                                                                                                Malicious:false
                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Entropy (8bit):7.746345735326208
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:file.exe
                                                                                                                                File size:1'978'181 bytes
                                                                                                                                MD5:19dbb47666f2eb1bb2889c42fc2fd3db
                                                                                                                                SHA1:0eeeef0203c5e51e07f521ff4d8d29a422319316
                                                                                                                                SHA256:09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24
                                                                                                                                SHA512:8311734676547436fc48423f7481ce1499003934cba291720b841779dbca9041914d58d9958f5b94a15a5c32e7c45ebea439886f0d51b61584280ebd7b782856
                                                                                                                                SSDEEP:49152:YI4RI1ayrqA8h2uJeRoWHDyct4BhbXjz1xfc242:YbLUqDh2uiSS4BlXnbk2V
                                                                                                                                TLSH:79951292FED499B2D02124333A14AB2872FD7D205F6189EBE385AD5DBD320C06635F97
                                                                                                                                Icon Hash:90cececece8e8eb0
                                                                                                                                Entrypoint:0x420790
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x64C8CFB2 [Tue Aug 1 09:26:10 2023 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:5
                                                                                                                                OS Version Minor:1
                                                                                                                                File Version Major:5
                                                                                                                                File Version Minor:1
                                                                                                                                Subsystem Version Major:5
                                                                                                                                Subsystem Version Minor:1
                                                                                                                                Import Hash:0ae9e38912ff6bd742a1b9e5c003576a
                                                                                                                                Instruction
                                                                                                                                call 00007F7D246E764Bh
                                                                                                                                jmp 00007F7D246E6FFDh
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                push 00423A90h
                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                mov eax, dword ptr [esp+10h]
                                                                                                                                mov dword ptr [esp+10h], ebp
                                                                                                                                lea ebp, dword ptr [esp+10h]
                                                                                                                                sub esp, eax
                                                                                                                                push ebx
                                                                                                                                push esi
                                                                                                                                push edi
                                                                                                                                mov eax, dword ptr [004407A8h]
                                                                                                                                xor dword ptr [ebp-04h], eax
                                                                                                                                xor eax, ebp
                                                                                                                                push eax
                                                                                                                                mov dword ptr [ebp-18h], esp
                                                                                                                                push dword ptr [ebp-08h]
                                                                                                                                mov eax, dword ptr [ebp-04h]
                                                                                                                                mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                mov dword ptr [ebp-08h], eax
                                                                                                                                lea eax, dword ptr [ebp-10h]
                                                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                                                ret
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                mov ecx, dword ptr [ebp-10h]
                                                                                                                                mov dword ptr fs:[00000000h], ecx
                                                                                                                                pop ecx
                                                                                                                                pop edi
                                                                                                                                pop edi
                                                                                                                                pop esi
                                                                                                                                pop ebx
                                                                                                                                mov esp, ebp
                                                                                                                                pop ebp
                                                                                                                                push ecx
                                                                                                                                ret
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                sub esp, 0Ch
                                                                                                                                lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                call 00007F7D246D9E91h
                                                                                                                                push 0043D14Ch
                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                push eax
                                                                                                                                call 00007F7D246E9CA5h
                                                                                                                                int3
                                                                                                                                jmp 00007F7D246EBB78h
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                and dword ptr [00463D58h], 00000000h
                                                                                                                                sub esp, 24h
                                                                                                                                or dword ptr [004407A0h], 01h
                                                                                                                                push 0000000Ah
                                                                                                                                call dword ptr [004341C4h]
                                                                                                                                test eax, eax
                                                                                                                                je 00007F7D246E7332h
                                                                                                                                and dword ptr [ebp-10h], 00000000h
                                                                                                                                xor eax, eax
                                                                                                                                push ebx
                                                                                                                                push esi
                                                                                                                                push edi
                                                                                                                                xor ecx, ecx
                                                                                                                                lea edi, dword ptr [ebp-24h]
                                                                                                                                Programming Language:
                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3e380 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e3b4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0xfc04 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x76000 | 0x23dc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3c1b0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x366a8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x34000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3d85c | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x32dcc | 0x32e00 | bf3082787caa3b02fd9d989022806d04 | False | 0.592286355958231 | data | 6.705330880207017 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x34000 | 0xb1d0 | 0xb200 | ba53cf76fc539872e6fb32f5b59318a2 | False | 0.46025719803370785 | data | 5.269843738840559 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x40000 | 0x24750 | 0x1200 | 63d51bc646ae841bb4737f86d3d78592 | False | 0.4058159722222222 | data | 4.083590987791496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x65000 | 0x1a4 | 0x200 | deb77807258e64170eadd0d48c2f3f11 | False | 0.46484375 | data | 3.5190901598372837 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x66000 | 0xfc04 | 0xfe00 | 0d68545a9289dfbf0ba0cd37f0b3040a | False | 0.2443713090551181 | data | 5.052288456092134 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x76000 | 0x23dc | 0x2400 | e49afaf69d5cac6d9ffa2d43bc30363a | False | 0.7861328125 | data | 6.67388754981222 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x66674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528
PNG | 0x671bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495
RT_ICON | 0x68768 | 0x8db | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8142920158800176
RT_ICON | 0x69044 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.029168634860651865
RT_ICON | 0x6d26c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.047925311203319505
RT_ICON | 0x6f814 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | | | 0.05798816568047337
RT_ICON | 0x7127c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.06543151969981238
RT_ICON | 0x72324 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | | | 0.10327868852459017
RT_ICON | 0x72cac | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | | | 0.12732558139534883
RT_ICON | 0x73364 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.10815602836879433
RT_DIALOG | 0x737cc | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x73a88 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x73bc4 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x73cb8 | 0x14a | data | | | 0.6
RT_DIALOG | 0x73e04 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x74118 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x74364 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x74560 | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x747a8 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x74950 | 0xdc | data | | | 0.65
RT_STRING | 0x74a2c | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x74e9c | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x75000 | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x75110 | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x75268 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x75350 | 0xe6 | data | | | 0.5695652173913044
RT_GROUP_ICON | 0x75438 | 0x76 | data | | | 0.7457627118644068
RT_MANIFEST | 0x754b0 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetTimeFormatW, GetDateFormatW, LocalFree, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapReAlloc, HeapAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/24/24-16:26:08.440040 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 37732 | 49705 | 193.233.132.169 | 192.168.2.5
04/24/24-16:26:02.674030 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49705 | 37732 | 192.168.2.5 | 193.233.132.169
04/24/24-16:26:20.152456 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49705 | 37732 | 192.168.2.5 | 193.233.132.169
04/24/24-16:26:03.022278 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 37732 | 49705 | 193.233.132.169 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Apr 24, 2024 16:26:16.723443031 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.723455906 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.723767042 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.723885059 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724128008 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724426985 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724438906 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724564075 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724575043 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724586964 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.724880934 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725219011 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725229025 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725370884 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725382090 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725554943 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725567102 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.725852013 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.777776003 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:16.778141022 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:16.778237104 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.069623947 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.069639921 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.069653034 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.069972992 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.069983959 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.069996119 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.070513964 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.070533991 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.070545912 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.070557117 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.071203947 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.071216106 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.071227074 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.071233988 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.072010994 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.072022915 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.072032928 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.072195053 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.072495937 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.072509050 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.073035955 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.073049068 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.073059082 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.073498011 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.073509932 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.120295048 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.120604992 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.120701075 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.128078938 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.128093004 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.128227949 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.128843069 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129137993 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129148960 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129370928 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129383087 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129630089 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129920959 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.129933119 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.130541086 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.130553007 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.130563021 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.130866051 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131285906 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131297112 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131306887 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131350994 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131361961 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131388903 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.131623983 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.132139921 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.132149935 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.132911921 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.183671951 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.183938026 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.184030056 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.471133947 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.471352100 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.471364021 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.471405029 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.471666098 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.471847057 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472093105 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472107887 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472399950 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472465992 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472577095 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472662926 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.472929955 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.473167896 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.473206043 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.473581076 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.473615885 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.473757982 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474154949 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474198103 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474355936 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474704027 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474751949 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474785089 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.474963903 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.526921988 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.527262926 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.527349949 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.531213045 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531224966 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531364918 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531519890 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531580925 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531707048 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531826019 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.531991005 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532145977 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532377958 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532388926 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532509089 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532761097 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532773018 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532861948 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.532998085 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533169985 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533365965 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533493996 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533545971 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533972979 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533983946 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.533993959 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.534004927 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.534045935 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.573493958 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.573841095 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.573915958 CEST4970537732192.168.2.5193.233.132.169
                                                                                                                                Apr 24, 2024 16:26:17.605195045 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.875226021 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.875338078 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.875504971 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.875516891 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.875679016 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Apr 24, 2024 16:26:17.875839949 CEST3773249705193.233.132.169192.168.2.5
                                                                                                                                Target ID:0
                                                                                                                                Start time:16:25:57
                                                                                                                                Start date:24/04/2024
                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                Imagebase:0x370000
                                                                                                                                File size:1'978'181 bytes
                                                                                                                                MD5 hash:19DBB47666F2EB1BB2889C42FC2FD3DB
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:2
                                                                                                                                Start time:16:25:58
                                                                                                                                Start date:24/04/2024
                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                                                                                                                                Imagebase:0x790000
                                                                                                                                File size:236'544 bytes
                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:3
                                                                                                                                Start time:16:25:58
                                                                                                                                Start date:24/04/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:4
                                                                                                                                Start time:16:25:58
                                                                                                                                Start date:24/04/2024
                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:work.exe -priverdD
                                                                                                                                Imagebase:0xab0000
                                                                                                                                File size:1'643'442 bytes
                                                                                                                                MD5 hash:DB5AF0B8F6E4BDB07B5BEC9FB8DE1B7F
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:5
                                                                                                                                Start time:16:25:59
                                                                                                                                Start date:24/04/2024
                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX1\feswa.exe"
                                                                                                                                Imagebase:0x270000
                                                                                                                                File size:1'315'840 bytes
                                                                                                                                MD5 hash:28CBE77F47C6E613C90CF1B449051BF2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.2244021495.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Avira
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:9.3%
                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                  Signature Coverage:9.5%
                                                                                                                                  Total number of Nodes:1614
                                                                                                                                  Total number of Limit Nodes:46
38cc47 25199->25203 25204 38d1ff SetDlgItemTextW 25200->25204 25202 38d387 25207 38d399 25202->25207 25208 38d390 EnableWindow 25202->25208 25203->25195 25330 38beff 25203->25330 25210 37f937 53 API calls 25204->25210 25213 38d237 25206->25213 25214 38d3b6 25207->25214 25443 3712b3 GetDlgItem KiUserCallbackDispatcher 25207->25443 25208->25207 25209 38d0e9 25217 37f937 53 API calls 25209->25217 25216 38d213 SetDlgItemTextW 25210->25216 25211 38cc6a GetLastError 25212 38cc75 25211->25212 25346 38bc19 SetCurrentDirectoryW 25212->25346 25223 38d249 25213->25223 25247 38d26e 25213->25247 25221 38d3dd 25214->25221 25235 38d3d5 SendMessageW 25214->25235 25216->25197 25217->25145 25219 38d2c7 25227 38d884 98 API calls 25219->25227 25221->25145 25230 37f937 53 API calls 25221->25230 25222 38cc89 25228 38cc92 GetLastError 25222->25228 25229 38cca0 25222->25229 25441 38aef5 32 API calls 25223->25441 25225 38d3ac 25444 3712b3 GetDlgItem KiUserCallbackDispatcher 25225->25444 25226->25209 25234 37f937 53 API calls 25226->25234 25227->25261 25228->25229 25232 38cd17 25229->25232 25237 38cd26 25229->25237 25239 38ccb0 GetTickCount 25229->25239 25238 38ca52 25230->25238 25231 38d262 25231->25247 25236 38cf52 25232->25236 25232->25237 25240 38d0cc 25234->25240 25235->25221 25355 3712d1 GetDlgItem ShowWindow 25236->25355 25243 38cef7 25237->25243 25244 38ceed 25237->25244 25245 38cd3f GetModuleFileNameW 25237->25245 25238->25145 25238->25183 25246 374a20 _swprintf 51 API calls 25239->25246 25248 374a20 _swprintf 51 API calls 25240->25248 25241 38d365 25442 38aef5 32 API calls 25241->25442 25252 37f937 53 API calls 25243->25252 25244->25152 25244->25243 25435 3805ed 82 API calls 25245->25435 25255 38cccd 25246->25255 25247->25219 25253 38d884 98 API calls 25247->25253 25248->25209 25250 38d384 25250->25202 25259 38cf01 25252->25259 25260 38d29c 25253->25260 25254 38cf62 25356 3712d1 GetDlgItem ShowWindow 25254->25356 25347 37a8ce 25255->25347 25256 37f937 53 API calls 25256->25261 
25258 38cd67 25262 374a20 _swprintf 51 API calls 25258->25262 25263 374a20 _swprintf 51 API calls 25259->25263 25260->25219 25264 38d2a5 DialogBoxParamW 25260->25264 25261->25202 25261->25241 25261->25256 25267 38cd89 CreateFileMappingW 25262->25267 25268 38cf1f 25263->25268 25264->25152 25264->25219 25265 38cf6c 25266 37f937 53 API calls 25265->25266 25271 38cf76 SetDlgItemTextW 25266->25271 25270 38cde7 GetCommandLineW 25267->25270 25304 38ce5e __InternalCxxFrameHandler 25267->25304 25278 37f937 53 API calls 25268->25278 25275 38cdf8 25270->25275 25357 3712d1 GetDlgItem ShowWindow 25271->25357 25272 38ccf3 25276 38cd05 25272->25276 25277 38ccfa GetLastError 25272->25277 25274 38ce69 ShellExecuteExW 25289 38ce84 25274->25289 25436 38c615 SHGetMalloc 25275->25436 25281 37a801 80 API calls 25276->25281 25277->25276 25284 38cf39 25278->25284 25280 38cf88 SetDlgItemTextW GetDlgItem 25282 38cfbd 25280->25282 25283 38cfa5 GetWindowLongW SetWindowLongW 25280->25283 25281->25232 25358 38d884 25282->25358 25283->25282 25285 38ce14 25437 38c615 SHGetMalloc 25285->25437 25293 38ce99 WaitForInputIdle 25289->25293 25294 38cec7 25289->25294 25290 38ce20 25438 38c615 SHGetMalloc 25290->25438 25292 38d884 98 API calls 25296 38cfd9 25292->25296 25297 38ceae 25293->25297 25294->25244 25298 38cedd UnmapViewOfFile CloseHandle 25294->25298 25295 38ce2c 25439 38069c 82 API calls 25295->25439 25384 38eba2 25296->25384 25297->25294 25301 38ceb3 Sleep 25297->25301 25298->25244 25301->25294 25301->25297 25302 38ce3d MapViewOfFile 25302->25304 25304->25274 25305 38d884 98 API calls 25308 38cfff 25305->25308 25306 38d028 25440 3712b3 GetDlgItem KiUserCallbackDispatcher 25306->25440 25308->25306 25309 38d884 98 API calls 25308->25309 25309->25306 25311 371358 25310->25311 25314 3712ff 25310->25314 25446 37f5e1 GetWindowLongW SetWindowLongW 25311->25446 25313 371365 25313->25142 25313->25143 25313->25145 25314->25313 25445 37f608 62 API calls 2 library calls 25314->25445 25316 371321 
25316->25313 25317 371334 GetDlgItem 25316->25317 25317->25313 25318 371344 25317->25318 25318->25313 25319 37134a SetWindowTextW 25318->25319 25319->25313 25321 38c758 5 API calls 25320->25321 25322 38e625 GetDlgItem 25321->25322 25323 38e67b SendMessageW SendMessageW 25322->25323 25324 38e647 25322->25324 25325 38e6d6 SendMessageW SendMessageW SendMessageW 25323->25325 25326 38e6b7 25323->25326 25327 38e652 ShowWindow SendMessageW SendMessageW 25324->25327 25328 38e709 SendMessageW 25325->25328 25329 38e72c SendMessageW 25325->25329 25326->25325 25327->25323 25328->25329 25329->25191 25447 38c324 GetCurrentProcess OpenProcessToken 25330->25447 25332 38bf14 25333 38bf1c SetEntriesInAclW 25332->25333 25334 38bfad 25332->25334 25333->25334 25335 38bf60 InitializeSecurityDescriptor 25333->25335 25334->25195 25336 38bf9f 25335->25336 25337 38bf6f SetSecurityDescriptorDacl 25335->25337 25336->25334 25339 38bfa4 LocalFree 25336->25339 25337->25336 25338 38bf82 CreateDirectoryW 25337->25338 25338->25336 25339->25334 25343 37b34b 25340->25343 25341 37b3dc 25342 37b542 8 API calls 25341->25342 25344 37b405 25341->25344 25342->25344 25343->25341 25343->25344 25454 37b542 25343->25454 25344->25211 25344->25212 25346->25222 25348 37a8d8 25347->25348 25349 37a935 CreateFileW 25348->25349 25350 37a929 25348->25350 25349->25350 25351 37a97f 25350->25351 25352 37cf32 GetCurrentDirectoryW 25350->25352 25351->25272 25353 37a964 25352->25353 25353->25351 25354 37a968 CreateFileW 25353->25354 25354->25351 25355->25254 25356->25265 25357->25280 25359 38d88e __EH_prolog 25358->25359 25360 38cfcb 25359->25360 25475 38c504 ExpandEnvironmentStringsW 25359->25475 25360->25292 25364 38dbac SetWindowTextW 25369 38d8c5 _wcslen _wcsrchr 25364->25369 25367 39521e 22 API calls 25367->25369 25369->25360 25369->25364 25369->25367 25370 38d99a SetFileAttributesW 25369->25370 25382 38d9b4 __cftof _wcslen 25369->25382 25476 383316 CompareStringW 25369->25476 25477 38b65d GetCurrentDirectoryW 
25369->25477 25479 37b9ca 6 API calls 25369->25479 25480 37b953 FindClose 25369->25480 25481 38c67e 76 API calls 2 library calls 25369->25481 25482 38c504 ExpandEnvironmentStringsW 25369->25482 25372 38da54 GetFileAttributesW 25370->25372 25370->25382 25372->25369 25374 38da66 DeleteFileW 25372->25374 25374->25369 25376 38da77 25374->25376 25375 38dd76 GetDlgItem SetWindowTextW SendMessageW 25375->25382 25377 374a20 _swprintf 51 API calls 25376->25377 25379 38da97 GetFileAttributesW 25377->25379 25378 38ddb6 SendMessageW 25378->25369 25379->25376 25380 38daac MoveFileW 25379->25380 25380->25369 25381 38dac4 MoveFileExW 25380->25381 25381->25369 25382->25369 25382->25375 25382->25378 25383 38da30 SHFileOperationW 25382->25383 25478 37cdc0 51 API calls 2 library calls 25382->25478 25383->25372 25385 38ebac __EH_prolog 25384->25385 25483 381983 25385->25483 25387 38ebdd 25487 3764ed 25387->25487 25389 38ebfb 25491 378823 25389->25491 25393 38ec4e 25509 37890a 25393->25509 25395 38cfea 25395->25305 25397 38e7f8 25396->25397 25398 38b5d6 4 API calls 25397->25398 25399 38e7fd 25398->25399 25400 38e805 GetWindow 25399->25400 25401 38d111 25399->25401 25400->25401 25404 38e825 25400->25404 25401->25149 25401->25150 25402 38e832 GetClassNameW 26003 383316 CompareStringW 25402->26003 25404->25401 25404->25402 25405 38e8ba GetWindow 25404->25405 25406 38e856 GetWindowLongW 25404->25406 25405->25401 25405->25404 25406->25405 25407 38e866 SendMessageW 25406->25407 25407->25405 25408 38e87c GetObjectW 25407->25408 26004 38b615 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25408->26004 25411 38e893 26005 38b5f4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25411->26005 26006 38b81c 8 API calls 25411->26006 25413 38e8a4 SendMessageW DeleteObject 25413->25405 25414->25165 25416 38bbe1 25415->25416 25420 38bc06 25415->25420 26007 383316 CompareStringW 25416->26007 25418 38bbf4 25419 38bbf8 FindWindowExW 25418->25419 25418->25420 25419->25420 25421 38c217 25420->25421 25422 38c221 
__EH_prolog 25421->25422 25423 3713f8 43 API calls 25422->25423 25424 38c243 25423->25424 26008 372083 25424->26008 25427 38c26c 25430 371a7e 143 API calls 25427->25430 25428 38c25d 25429 371641 86 API calls 25428->25429 25432 38c268 25429->25432 25433 38c28b __InternalCxxFrameHandler ___std_exception_copy 25430->25433 25431 371641 86 API calls 25431->25432 25432->25193 25432->25196 25433->25431 25434->25238 25435->25258 25436->25285 25437->25290 25438->25295 25439->25302 25440->25162 25441->25231 25442->25250 25443->25225 25444->25214 25445->25316 25446->25313 25448 38c344 GetTokenInformation 25447->25448 25452 38c39b 25447->25452 25449 38c369 ___std_exception_copy 25448->25449 25450 38c35e GetLastError 25448->25450 25451 38c372 GetTokenInformation 25449->25451 25450->25449 25450->25452 25451->25452 25453 38c38c CopySid 25451->25453 25452->25332 25453->25452 25455 37b54f 25454->25455 25456 37b573 25455->25456 25457 37b566 CreateDirectoryW 25455->25457 25458 37b4c1 3 API calls 25456->25458 25457->25456 25460 37b5a6 25457->25460 25459 37b579 25458->25459 25461 37b5b9 GetLastError 25459->25461 25462 37cf32 GetCurrentDirectoryW 25459->25462 25464 37b5b5 25460->25464 25467 37b8e6 25460->25467 25461->25464 25465 37b58f 25462->25465 25464->25343 25465->25461 25466 37b593 CreateDirectoryW 25465->25466 25466->25460 25466->25461 25468 38ffd0 25467->25468 25469 37b8f3 SetFileAttributesW 25468->25469 25470 37b936 25469->25470 25471 37b909 25469->25471 25470->25464 25472 37cf32 GetCurrentDirectoryW 25471->25472 25473 37b91d 25472->25473 25473->25470 25474 37b921 SetFileAttributesW 25473->25474 25474->25470 25475->25369 25476->25369 25477->25369 25478->25382 25479->25369 25480->25369 25481->25369 25482->25369 25484 381990 _wcslen 25483->25484 25518 371895 25484->25518 25486 3819a8 25486->25387 25488 381983 _wcslen 25487->25488 25489 371895 78 API calls 25488->25489 25490 3819a8 25489->25490 25490->25389 25492 37882d __EH_prolog 25491->25492 25531 37e298 25492->25531 25494 
378855 25495 38febe 27 API calls 25494->25495 25496 378899 __cftof 25495->25496 25497 38febe 27 API calls 25496->25497 25498 3788c0 25497->25498 25537 385c64 25498->25537 25501 378a38 25503 378a42 25501->25503 25502 378ab5 25507 378b1a 25502->25507 25544 3790a2 25502->25544 25503->25502 25566 37b966 25503->25566 25505 378b5c 25505->25393 25507->25505 25572 371397 74 API calls 25507->25572 25999 37a41a 25509->25999 25511 37892b 25512 383546 86 API calls 25511->25512 25513 37893c Concurrency::cancel_current_task 25511->25513 25512->25513 25514 372111 26 API calls 25513->25514 25515 378963 25514->25515 25516 37e339 86 API calls 25515->25516 25517 37896b 25516->25517 25517->25395 25519 3718a7 25518->25519 25526 3718ff 25518->25526 25520 3718d0 25519->25520 25528 3776e9 76 API calls __vswprintf_c_l 25519->25528 25522 39521e 22 API calls 25520->25522 25524 3718f0 25522->25524 25523 3718c6 25529 37775a 75 API calls 25523->25529 25524->25526 25530 37775a 75 API calls 25524->25530 25526->25486 25528->25523 25529->25520 25530->25526 25532 37e2a2 __EH_prolog 25531->25532 25533 38febe 27 API calls 25532->25533 25534 37e2e5 25533->25534 25535 38febe 27 API calls 25534->25535 25536 37e309 25535->25536 25536->25494 25538 385c6e __EH_prolog 25537->25538 25539 38febe 27 API calls 25538->25539 25540 385c8a 25539->25540 25541 3788f2 25540->25541 25543 382166 80 API calls 25540->25543 25541->25501 25543->25541 25545 3790ac __EH_prolog 25544->25545 25573 3713f8 25545->25573 25547 3790c8 25548 3790d9 25547->25548 25735 37b1d2 25547->25735 25552 379110 25548->25552 25583 371ad3 25548->25583 25551 37910c 25551->25552 25602 372032 25551->25602 25727 371641 25552->25727 25556 3791b2 25606 37924e 25556->25606 25560 379211 25560->25552 25614 374264 25560->25614 25626 3792c6 25560->25626 25564 37b966 7 API calls 25565 379139 25564->25565 25565->25556 25565->25564 25739 37d4d2 CompareStringW _wcslen 25565->25739 25567 37b97b 25566->25567 25571 37b9a9 25567->25571 25988 37ba94 25567->25988 25569 
37b98b 25570 37b990 FindClose 25569->25570 25569->25571 25570->25571 25571->25503 25572->25505 25574 3713fd __EH_prolog 25573->25574 25575 37e298 27 API calls 25574->25575 25576 371437 25575->25576 25577 38febe 27 API calls 25576->25577 25581 3714ab 25576->25581 25579 371498 25577->25579 25579->25581 25582 37644d 43 API calls 25579->25582 25580 371533 __cftof 25580->25547 25740 37c1f7 25581->25740 25582->25581 25584 371add __EH_prolog 25583->25584 25596 371b30 25584->25596 25599 371c63 25584->25599 25758 3713d9 25584->25758 25586 371c9e 25761 371397 74 API calls 25586->25761 25589 374264 116 API calls 25593 371ce9 25589->25593 25590 371cab 25590->25589 25590->25599 25591 371d31 25595 371d64 25591->25595 25591->25599 25762 371397 74 API calls 25591->25762 25593->25591 25594 374264 116 API calls 25593->25594 25594->25593 25595->25599 25601 37b110 79 API calls 25595->25601 25596->25586 25596->25590 25596->25599 25597 374264 116 API calls 25598 371db5 25597->25598 25598->25597 25598->25599 25599->25551 25600 37b110 79 API calls 25600->25596 25601->25598 25603 372037 __EH_prolog 25602->25603 25605 372068 25603->25605 25776 371a7e 25603->25776 25605->25565 25899 37e395 25606->25899 25608 37925e 25903 382701 GetSystemTime SystemTimeToFileTime 25608->25903 25610 3791cc 25610->25560 25611 382eb4 25610->25611 25904 38efab 25611->25904 25615 374274 25614->25615 25616 374270 25614->25616 25625 37b110 79 API calls 25615->25625 25616->25560 25617 374286 25618 3742a1 25617->25618 25619 3742af 25617->25619 25620 3742e1 25618->25620 25912 37395a 104 API calls 3 library calls 25618->25912 25913 372eb6 116 API calls 3 library calls 25619->25913 25620->25560 25623 3742ad 25623->25620 25914 372544 74 API calls 25623->25914 25625->25617 25627 3792d0 __EH_prolog 25626->25627 25630 37930e 25627->25630 25637 37973d Concurrency::cancel_current_task 25627->25637 25933 389cad 118 API calls 25627->25933 25629 37a18d 25631 37a1c5 25629->25631 25632 37a192 25629->25632 25630->25629 25634 37932f 
25630->25634 25630->25637 25631->25637 25964 389cad 118 API calls 25631->25964 25632->25637 25963 378675 168 API calls 25632->25963 25634->25637 25915 3766df 25634->25915 25637->25560 25638 379545 25638->25637 25643 379669 25638->25643 25936 378f6b 38 API calls 25638->25936 25640 379405 25640->25638 25934 37b5d6 57 API calls 3 library calls 25640->25934 25647 37b966 7 API calls 25643->25647 25649 3796db 25643->25649 25645 3795ac 25935 398a18 26 API calls 2 library calls 25645->25935 25647->25649 25648 379935 25943 37e4a9 96 API calls 25648->25943 25921 3789c8 25649->25921 25652 37976c 25675 3797c5 25652->25675 25937 374727 27 API calls 2 library calls 25652->25937 25655 379990 25656 379a3a 25655->25656 25662 3799bb 25655->25662 25659 379a8c 25656->25659 25673 379a45 25656->25673 25664 379a2c 25659->25664 25947 378db3 119 API calls 25659->25947 25660 379a8a 25665 37a801 80 API calls 25660->25665 25661 37a14a 25666 37a801 80 API calls 25661->25666 25663 379ae8 25662->25663 25662->25664 25667 37b4c1 3 API calls 25662->25667 25663->25661 25686 379b53 25663->25686 25948 37ab1c 25663->25948 25664->25660 25664->25663 25665->25637 25666->25637 25669 3799f3 25667->25669 25669->25664 25945 37a50a 97 API calls 25669->25945 25670 37bf0a 27 API calls 25674 379ba2 25670->25674 25673->25660 25946 378b7c 123 API calls 25673->25946 25678 37bf0a 27 API calls 25674->25678 25675->25637 25676 3798ed 25675->25676 25683 3798f4 Concurrency::cancel_current_task 25675->25683 25938 3787fb 41 API calls 25675->25938 25939 37e4a9 96 API calls 25675->25939 25940 37237a 74 API calls 25675->25940 25941 378f28 99 API calls 25675->25941 25942 37237a 74 API calls 25676->25942 25699 379bb8 25678->25699 25683->25655 25944 37851f 50 API calls 2 library calls 25683->25944 25684 379b41 25952 377951 77 API calls 25684->25952 25686->25670 25687 379c8b 25688 379ce7 25687->25688 25689 379e85 25687->25689 25692 379cff 25688->25692 25697 379da7 25688->25697 25690 379e97 25689->25690 25691 379eab 25689->25691 
25713 379d20 25689->25713 25693 37a475 138 API calls 25690->25693 25695 384586 75 API calls 25691->25695 25694 379d46 25692->25694 25700 379d0e 25692->25700 25693->25713 25694->25713 25955 37829b 112 API calls 25694->25955 25696 379ec4 25695->25696 25959 38422f 138 API calls 25696->25959 25956 378f6b 38 API calls 25697->25956 25698 379c62 25698->25687 25953 37ac9c 82 API calls 25698->25953 25699->25687 25699->25698 25707 37aa7a 79 API calls 25699->25707 25954 37237a 74 API calls 25700->25954 25705 379e76 25705->25560 25707->25698 25708 379dec 25709 379e1f 25708->25709 25710 379e08 25708->25710 25708->25713 25958 37a212 103 API calls __EH_prolog 25709->25958 25957 378037 85 API calls 25710->25957 25713->25705 25719 379fca 25713->25719 25960 37237a 74 API calls 25713->25960 25715 37a0d5 25715->25661 25717 37b8e6 3 API calls 25715->25717 25716 37a083 25928 37b032 25716->25928 25718 37a130 25717->25718 25718->25661 25961 37237a 74 API calls 25718->25961 25719->25661 25719->25715 25719->25716 25927 37b199 SetEndOfFile 25719->25927 25722 37a0ca 25724 37a880 77 API calls 25722->25724 25724->25715 25725 37a140 25962 377871 76 API calls 25725->25962 25728 371653 25727->25728 25730 371665 Concurrency::cancel_current_task 25727->25730 25728->25730 25978 3716b2 26 API calls 25728->25978 25731 372111 26 API calls 25730->25731 25732 371694 25731->25732 25979 37e339 25732->25979 25736 37b1e9 25735->25736 25737 37b1f3 25736->25737 25987 3777af 78 API calls 25736->25987 25737->25548 25739->25565 25741 37c20d __cftof 25740->25741 25746 37c0d3 25741->25746 25753 37c0b4 25746->25753 25748 37c148 25749 372111 25748->25749 25750 37211c 25749->25750 25751 37212b 25749->25751 25757 37136b 26 API calls Concurrency::cancel_current_task 25750->25757 25751->25580 25754 37c0c2 25753->25754 25755 37c0bd 25753->25755 25754->25748 25756 372111 26 API calls 25755->25756 25756->25754 25757->25751 25763 371822 25758->25763 25761->25599 25762->25595 25764 371834 25763->25764 25771 3713f2 25763->25771 
25765 37185d 25764->25765 25773 3776e9 76 API calls __vswprintf_c_l 25764->25773 25767 39521e 22 API calls 25765->25767 25770 37187a 25767->25770 25768 371853 25774 37775a 75 API calls 25768->25774 25770->25771 25775 37775a 75 API calls 25770->25775 25771->25600 25773->25768 25774->25765 25775->25771 25777 371a8e 25776->25777 25779 371a8a 25776->25779 25780 3719c5 25777->25780 25779->25605 25781 3719d7 25780->25781 25782 371a14 25780->25782 25783 374264 116 API calls 25781->25783 25788 3746ce 25782->25788 25786 3719f7 25783->25786 25786->25779 25792 3746d7 25788->25792 25789 374264 116 API calls 25789->25792 25790 371a35 25790->25786 25793 371f30 25790->25793 25792->25789 25792->25790 25805 382128 25792->25805 25794 371f3a __EH_prolog 25793->25794 25813 3742f1 25794->25813 25796 371f61 25797 371822 78 API calls 25796->25797 25799 371fe8 25796->25799 25798 371f78 25797->25798 25841 37190b 78 API calls 25798->25841 25799->25786 25801 371f90 25802 371f9c _wcslen 25801->25802 25842 382ed2 MultiByteToWideChar 25801->25842 25843 37190b 78 API calls 25802->25843 25806 38212f 25805->25806 25807 38214a 25806->25807 25811 3776e4 RaiseException _com_raise_error 25806->25811 25809 38215b SetThreadExecutionState 25807->25809 25812 3776e4 RaiseException _com_raise_error 25807->25812 25809->25792 25811->25807 25812->25809 25814 3742fb __EH_prolog 25813->25814 25815 374311 25814->25815 25816 37432d 25814->25816 25869 371397 74 API calls 25815->25869 25817 374588 25816->25817 25821 374359 25816->25821 25881 371397 74 API calls 25817->25881 25820 37431c 25820->25796 25821->25820 25844 384586 25821->25844 25823 3743da 25825 374465 25823->25825 25840 3743d1 25823->25840 25872 37e4a9 96 API calls 25823->25872 25824 3743d6 25824->25823 25871 37252a 78 API calls 25824->25871 25854 37bf0a 25825->25854 25827 3743c6 25870 371397 74 API calls 25827->25870 25828 3743a8 25828->25823 25828->25824 25828->25827 25829 374478 25834 37450e 25829->25834 25835 3744fe 25829->25835 25873 38422f 138 API 
calls 25834->25873 25858 37a475 25835->25858 25838 37450c 25838->25840 25874 37237a 74 API calls 25838->25874 25875 383546 25840->25875 25841->25801 25842->25802 25843->25799 25845 38459b 25844->25845 25847 3845a5 ___std_exception_copy 25844->25847 25882 37775a 75 API calls 25845->25882 25848 38462b 25847->25848 25849 3846d5 25847->25849 25853 38464f __cftof 25847->25853 25883 3844b9 75 API calls 3 library calls 25848->25883 25884 393340 RaiseException 25849->25884 25852 384701 25853->25828 25855 37bf18 25854->25855 25857 37bf22 25854->25857 25856 38febe 27 API calls 25855->25856 25856->25857 25857->25829 25859 37a47f __EH_prolog 25858->25859 25885 378a1f 25859->25885 25862 3713d9 78 API calls 25863 37a492 25862->25863 25888 37e56c 25863->25888 25865 37a4ee 25865->25838 25867 37e56c 133 API calls 25868 37a4a5 25867->25868 25868->25865 25868->25867 25897 37e758 97 API calls __InternalCxxFrameHandler 25868->25897 25869->25820 25870->25840 25871->25823 25872->25825 25873->25838 25874->25840 25877 383550 25875->25877 25876 383569 25898 38220d 86 API calls 25876->25898 25877->25876 25880 38357d 25877->25880 25879 383570 Concurrency::cancel_current_task 25879->25880 25881->25820 25882->25847 25883->25853 25884->25852 25886 37c619 GetVersionExW 25885->25886 25887 378a24 25886->25887 25887->25862 25894 37e582 __InternalCxxFrameHandler 25888->25894 25889 37e6f2 25890 37e726 25889->25890 25891 37e523 6 API calls 25889->25891 25892 382128 SetThreadExecutionState RaiseException 25890->25892 25891->25890 25895 37e6e9 25892->25895 25893 389cad 118 API calls 25893->25894 25894->25889 25894->25893 25894->25895 25896 37bff5 91 API calls 25894->25896 25895->25868 25896->25894 25897->25868 25898->25879 25900 37e3a5 25899->25900 25902 37e3ac 25899->25902 25901 37aa7a 79 API calls 25900->25901 25901->25902 25902->25608 25903->25610 25905 38efb8 25904->25905 25906 37f937 53 API calls 25905->25906 25907 38efdb 25906->25907 25908 374a20 _swprintf 51 API calls 25907->25908 25909 38efed 
25908->25909 25910 38e619 16 API calls 25909->25910 25911 382eca 25910->25911 25911->25560 25912->25623 25913->25623 25914->25620 25916 3766ef 25915->25916 25965 3765fb 25916->25965 25918 376722 25920 37675a 25918->25920 25970 37c6af CharUpperW CompareStringW _wcslen ___vcrt_FlsGetValue 25918->25970 25920->25640 25922 3789dd 25921->25922 25923 378a15 25922->25923 25976 377931 74 API calls 25922->25976 25923->25637 25923->25648 25923->25652 25925 378a0d 25977 371397 74 API calls 25925->25977 25927->25716 25929 37b043 25928->25929 25932 37b052 25928->25932 25930 37b049 FlushFileBuffers 25929->25930 25929->25932 25930->25932 25931 37b0cf SetFileTime 25931->25722 25932->25931 25933->25630 25934->25645 25935->25638 25936->25643 25937->25675 25938->25675 25939->25675 25940->25675 25941->25675 25942->25683 25943->25683 25944->25655 25945->25664 25946->25660 25947->25664 25949 37ab25 GetFileType 25948->25949 25950 379b2b 25948->25950 25949->25950 25950->25686 25951 37237a 74 API calls 25950->25951 25951->25684 25952->25686 25953->25687 25954->25713 25955->25713 25956->25708 25957->25713 25958->25713 25959->25713 25960->25719 25961->25725 25962->25661 25963->25637 25964->25637 25971 3764f8 25965->25971 25968 3764f8 2 API calls 25969 37661c 25968->25969 25969->25918 25970->25918 25974 376502 25971->25974 25972 3765ea 25972->25968 25972->25969 25974->25972 25975 37c6af CharUpperW CompareStringW _wcslen ___vcrt_FlsGetValue 25974->25975 25975->25974 25976->25925 25977->25923 25980 37e34a Concurrency::cancel_current_task 25979->25980 25985 37bd8e 86 API calls Concurrency::cancel_current_task 25980->25985 25982 37e37c 25986 37bd8e 86 API calls Concurrency::cancel_current_task 25982->25986 25984 37e387 25985->25982 25986->25984 25987->25737 25989 37baa1 25988->25989 25990 37bb20 FindNextFileW 25989->25990 25991 37baba FindFirstFileW 25989->25991 25992 37bb2b GetLastError 25990->25992 25998 37bb02 25990->25998 25993 37bac9 25991->25993 25991->25998 25992->25998 25994 37cf32 
GetCurrentDirectoryW 25993->25994 25995 37bad9 25994->25995 25996 37baf7 GetLastError 25995->25996 25997 37badd FindFirstFileW 25995->25997 25996->25998 25997->25996 25997->25998 25998->25569 26001 37a425 25999->26001 26002 37a458 __cftof 25999->26002 26000 37b470 3 API calls 26000->26001 26001->26000 26001->26002 26002->25511 26003->25404 26004->25411 26005->25411 26006->25413 26007->25418 26009 37b1d2 78 API calls 26008->26009 26010 37208f 26009->26010 26011 3720ac 26010->26011 26012 371ad3 116 API calls 26010->26012 26011->25427 26011->25428 26013 37209c 26012->26013 26013->26011 26015 371397 74 API calls 26013->26015 26015->26011 26113 38d8d8 98 API calls 4 library calls 26153 394bd0 5 API calls _ValidateLocalCookies 26115 3a21d5 21 API calls 2 library calls 26022 38dfcc 26023 38dfd5 GetTempPathW 26022->26023 26025 38d8d8 _wcslen _wcsrchr 26022->26025 26029 38dff5 26023->26029 26026 38e54f 26025->26026 26033 38dbac SetWindowTextW 26025->26033 26037 39521e 22 API calls 26025->26037 26039 38d99a SetFileAttributesW 26025->26039 26051 38d9b4 __cftof _wcslen 26025->26051 26053 383316 CompareStringW 26025->26053 26054 38b65d GetCurrentDirectoryW 26025->26054 26056 37b9ca 6 API calls 26025->26056 26057 37b953 FindClose 26025->26057 26058 38c67e 76 API calls 2 library calls 26025->26058 26059 38c504 ExpandEnvironmentStringsW 26025->26059 26027 374a20 _swprintf 51 API calls 26027->26029 26028 37b4c1 3 API calls 26028->26029 26029->26027 26029->26028 26030 38e02c SetDlgItemTextW 26029->26030 26030->26025 26032 38e049 26030->26032 26032->26025 26036 38e12f EndDialog 26032->26036 26033->26025 26036->26025 26037->26025 26041 38da54 GetFileAttributesW 26039->26041 26039->26051 26041->26025 26043 38da66 DeleteFileW 26041->26043 26043->26025 26045 38da77 26043->26045 26044 38dd76 GetDlgItem SetWindowTextW SendMessageW 26044->26051 26046 374a20 _swprintf 51 API calls 26045->26046 26048 38da97 GetFileAttributesW 26046->26048 26047 38ddb6 SendMessageW 26047->26025 26048->26045 
26049 38daac MoveFileW 26048->26049 26049->26025 26050 38dac4 MoveFileExW 26049->26050 26050->26025 26051->26025 26051->26044 26051->26047 26052 38da30 SHFileOperationW 26051->26052 26055 37cdc0 51 API calls 2 library calls 26051->26055 26052->26041 26053->26025 26054->26025 26055->26051 26056->26025 26057->26025 26058->26025 26059->26025 26088 39b8c0 21 API calls 26089 399cc0 7 API calls ___scrt_uninitialize_crt 26117 3a3dc0 VariantClear 26154 3a03c0 51 API calls

Control-flow Graph

APIs
  • Part of subcall function 00381B83: GetModuleHandleW.KERNEL32(kernel32), ref: 00381B9C
  • Part of subcall function 00381B83: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00381BAE
  • Part of subcall function 00381B83: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00381BDF
  • Part of subcall function 0038B65D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0038B665
  • Part of subcall function 0038BD1B: OleInitialize.OLE32(00000000), ref: 0038BD34
  • Part of subcall function 0038BD1B: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0038BD6B
  • Part of subcall function 0038BD1B: SHGetMalloc.SHELL32(003BA460), ref: 0038BD75
• GetCommandLineW.KERNEL32 ref: 0038F09B
• OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0038F0C5
• MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007402), ref: 0038F0D6
• UnmapViewOfFile.KERNEL32(00000000), ref: 0038F127
  • Part of subcall function 0038ED2E: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0038ED44
  • Part of subcall function 0038ED2E: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0038ED80
  • Part of subcall function 00380752: _wcslen.LIBCMT ref: 00380776
• CloseHandle.KERNEL32(00000000), ref: 0038F12E
• GetModuleFileNameW.KERNEL32(00000000,003D0CC0,00000800), ref: 0038F148
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxname,003D0CC0), ref: 0038F154
                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0038F15F
                                                                                                                                  • _swprintf.LIBCMT ref: 0038F19E
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0038F1B3
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0038F1BA
                                                                                                                                  • LoadIconW.USER32(00000000,00000064), ref: 0038F1D1
                                                                                                                                  • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001C9D0,00000000), ref: 0038F222
                                                                                                                                  • Sleep.KERNELBASE(?), ref: 0038F250
                                                                                                                                  • DeleteObject.GDI32 ref: 0038F289
                                                                                                                                  • DeleteObject.GDI32(?), ref: 0038F299
                                                                                                                                  • CloseHandle.KERNEL32 ref: 0038F2DC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf_wcslen
                                                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$p0;$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                  • API String ID: 3014515783-968971619
                                                                                                                                  • Opcode ID: 764f2e821efa3c0da5153680bdf694308573fa5c9906f68cd360e25f84d13f0d
                                                                                                                                  • Instruction ID: 5be97cfa1418d8b99e5ab0294080c49ca6a950f5da0861e1c32494f72cc7dea0
                                                                                                                                  • Opcode Fuzzy Hash: 764f2e821efa3c0da5153680bdf694308573fa5c9906f68cd360e25f84d13f0d
                                                                                                                                  • Instruction Fuzzy Hash: 4361F375500300AFD323BBA1EC49F6B7BACEB4A744F04056AF645D72A2DBB49844CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 739 38b6d2-38b6ef FindResourceW 740 38b7eb 739->740 741 38b6f5-38b706 SizeofResource 739->741 743 38b7ed-38b7f1 740->743 741->740 742 38b70c-38b71b LoadResource 741->742 742->740 744 38b721-38b72c LockResource 742->744 744->740 745 38b732-38b747 GlobalAlloc 744->745 746 38b74d-38b756 GlobalLock 745->746 747 38b7e3-38b7e9 745->747 748 38b7dc-38b7dd GlobalFree 746->748 749 38b75c-38b77a call 392dc0 746->749 747->743 748->747 753 38b77c-38b79e call 38b636 749->753 754 38b7d5-38b7d6 GlobalUnlock 749->754 753->754 759 38b7a0-38b7a8 753->759 754->748 760 38b7aa-38b7be GdipCreateHBITMAPFromBitmap 759->760 761 38b7c3-38b7d1 759->761 760->761 762 38b7c0 760->762 761->754 762->761
                                                                                                                                  APIs
                                                                                                                                  • FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,0038C92D,00000066), ref: 0038B6E5
                                                                                                                                  • SizeofResource.KERNEL32(00000000,?,?,?,0038C92D,00000066), ref: 0038B6FC
                                                                                                                                  • LoadResource.KERNEL32(00000000,?,?,?,0038C92D,00000066), ref: 0038B713
                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,?,0038C92D,00000066), ref: 0038B722
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0038C92D,00000066), ref: 0038B73D
                                                                                                                                  • GlobalLock.KERNEL32(00000000,?,?,?,?,?,0038C92D,00000066), ref: 0038B74E
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0038B7D6
                                                                                                                                    • Part of subcall function 0038B636: GdipAlloc.GDIPLUS(00000010), ref: 0038B63C
                                                                                                                                  • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0038B7B7
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0038B7DD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                                                  • String ID: PNG
                                                                                                                                  • API String ID: 541704414-364855578
                                                                                                                                  • Opcode ID: 2f161306024b199262b42a8dd8cdc641d923d73ab7a105f646a77914b54f79e7
                                                                                                                                  • Instruction ID: 0a14af6c32850486ee436a709523bee5a1893116c6f91a9121a9f1f05915c855
                                                                                                                                  • Opcode Fuzzy Hash: 2f161306024b199262b42a8dd8cdc641d923d73ab7a105f646a77914b54f79e7
                                                                                                                                  • Instruction Fuzzy Hash: EC316F71604712AFD713AF61EC88D1BBFACEFC5791B060569F905D2260EB71D845CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1077 37ba94-37bab8 call 38ffd0 1080 37bb20-37bb29 FindNextFileW 1077->1080 1081 37baba-37bac7 FindFirstFileW 1077->1081 1082 37bb3b-37bbf8 call 38192f call 37d71d call 382924 * 3 1080->1082 1083 37bb2b-37bb39 GetLastError 1080->1083 1081->1082 1084 37bac9-37badb call 37cf32 1081->1084 1088 37bbfd-37bc0a 1082->1088 1085 37bb12-37bb1b 1083->1085 1092 37baf7-37bb00 GetLastError 1084->1092 1093 37badd-37baf5 FindFirstFileW 1084->1093 1085->1088 1095 37bb02-37bb05 1092->1095 1096 37bb10 1092->1096 1093->1082 1093->1092 1095->1096 1098 37bb07-37bb0a 1095->1098 1096->1085 1098->1096 1100 37bb0c-37bb0e 1098->1100 1100->1085
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BABD
                                                                                                                                    • Part of subcall function 0037CF32: _wcslen.LIBCMT ref: 0037CF56
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BAEB
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BAF7
                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BB21
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BB2D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 42610566-0
                                                                                                                                  • Opcode ID: f7c123a7caa9b94ddbb6754667b0483b8c100e802f61c56524529af222aaf3f4
                                                                                                                                  • Instruction ID: 36691364d42c6e90991284f8edf164afd289bbd1912b68582fa340529d1e7f28
                                                                                                                                  • Opcode Fuzzy Hash: f7c123a7caa9b94ddbb6754667b0483b8c100e802f61c56524529af222aaf3f4
                                                                                                                                  • Instruction Fuzzy Hash: F6412C72900519ABCB26DF64CC84BEAF3B8FB49350F114596E96ED3200D778AA949F90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1104 38beff-38bf16 call 38c324 1107 38bf1c-38bf5e SetEntriesInAclW 1104->1107 1108 38bfaf-38bfb0 1104->1108 1109 38bfad-38bfae 1107->1109 1110 38bf60-38bf6d InitializeSecurityDescriptor 1107->1110 1109->1108 1111 38bf9f-38bfa2 1110->1111 1112 38bf6f-38bf80 SetSecurityDescriptorDacl 1110->1112 1111->1109 1114 38bfa4-38bfa7 LocalFree 1111->1114 1112->1111 1113 38bf82-38bf99 CreateDirectoryW 1112->1113 1113->1111 1114->1109
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0038C324: GetCurrentProcess.KERNEL32(00020008,0038BF14,?,?,?,?,0038BF14,?), ref: 0038C333
                                                                                                                                    • Part of subcall function 0038C324: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0038BF14,?), ref: 0038C33A
                                                                                                                                    • Part of subcall function 0038C324: GetTokenInformation.KERNELBASE(0038BF14,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,?,?,0038BF14,?), ref: 0038C354
                                                                                                                                    • Part of subcall function 0038C324: GetLastError.KERNEL32(?,?,?,?,0038BF14,?), ref: 0038C35E
                                                                                                                                    • Part of subcall function 0038C324: GetTokenInformation.KERNELBASE(0038BF14,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,?,?,0038BF14,?), ref: 0038C382
                                                                                                                                    • Part of subcall function 0038C324: CopySid.ADVAPI32(00000044,0038BF14,00000000,?,?,?,?,?,0038BF14,?), ref: 0038C393
                                                                                                                                  • SetEntriesInAclW.ADVAPI32(00000001,11060000,00000000,?,?,?,?), ref: 0038BF56
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?), ref: 0038BF65
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,?,?), ref: 0038BF78
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,0000000C,?,?,?), ref: 0038BF99
                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?), ref: 0038BFA7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$DescriptorInformationProcessSecurity$CopyCreateCurrentDaclDirectoryEntriesErrorFreeInitializeLastLocalOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2740647886-0
                                                                                                                                  • Opcode ID: 345fb18ebc169147213e717b74f0a4d8a0469feae209cba38636553941306203
                                                                                                                                  • Instruction ID: dda39e838dd5a83612cc81a5b8b61eab505665463a6d0a86933cb23b24950a86
                                                                                                                                  • Opcode Fuzzy Hash: 345fb18ebc169147213e717b74f0a4d8a0469feae209cba38636553941306203
                                                                                                                                  • Instruction Fuzzy Hash: 7421A0B5C01219EADB11DFA5DD48ADEFBBCFF45740F10805AE905E2210D7749A45DFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 003792CB
                                                                                                                                    • Part of subcall function 0037D656: _wcsrchr.LIBVCRUNTIME ref: 0037D660
                                                                                                                                    • Part of subcall function 0037CAA0: _wcslen.LIBCMT ref: 0037CAA6
                                                                                                                                    • Part of subcall function 00381907: _wcslen.LIBCMT ref: 0038190D
                                                                                                                                    • Part of subcall function 0037B5D6: _wcslen.LIBCMT ref: 0037B5E2
                                                                                                                                    • Part of subcall function 0037B5D6: __aulldiv.LIBCMT ref: 0037B60E
                                                                                                                                    • Part of subcall function 0037B5D6: GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 0037B615
                                                                                                                                    • Part of subcall function 0037B5D6: _swprintf.LIBCMT ref: 0037B640
                                                                                                                                    • Part of subcall function 0037B5D6: _wcslen.LIBCMT ref: 0037B64A
                                                                                                                                    • Part of subcall function 0037B5D6: _swprintf.LIBCMT ref: 0037B6A0
                                                                                                                                    • Part of subcall function 0037B5D6: _wcslen.LIBCMT ref: 0037B6AA
                                                                                                                                    • Part of subcall function 00374727: __EH_prolog.LIBCMT ref: 0037472C
                                                                                                                                    • Part of subcall function 0037A212: __EH_prolog.LIBCMT ref: 0037A217
                                                                                                                                    • Part of subcall function 0037B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B8FA
                                                                                                                                    • Part of subcall function 0037B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B92B
                                                                                                                                  Strings
                                                                                                                                  • __tmp_reference_source_, xrefs: 00379596
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$H_prolog$AttributesFile_swprintf$CurrentProcess__aulldiv_wcsrchr
                                                                                                                                  • String ID: __tmp_reference_source_
                                                                                                                                  • API String ID: 70197177-685763994
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,?,00399186,00000000,003AD570,0000000C,003992DD,00000000,00000002,00000000), ref: 003991D1
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00399186,00000000,003AD570,0000000C,003992DD,00000000,00000002,00000000), ref: 003991D8
                                                                                                                                  • ExitProcess.KERNEL32 ref: 003991EA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 0038C9D5
                                                                                                                                    • Part of subcall function 003712F6: GetDlgItem.USER32(00000000,00003021), ref: 0037133A
                                                                                                                                    • Part of subcall function 003712F6: SetWindowTextW.USER32(00000000,003A45F4), ref: 00371350
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0038CAC1
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038CADF
                                                                                                                                  • IsDialogMessageW.USER32(?,?), ref: 0038CAF2
                                                                                                                                  • TranslateMessage.USER32(?), ref: 0038CB00
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 0038CB0A
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0038CB2D
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 0038CB50
                                                                                                                                  • GetDlgItem.USER32(?,00000068), ref: 0038CB73
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0038CB8E
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,003A45F4), ref: 0038CBA1
                                                                                                                                    • Part of subcall function 0038E598: _wcslen.LIBCMT ref: 0038E5C2
                                                                                                                                  • SetFocus.USER32(00000000), ref: 0038CBA8
                                                                                                                                  • _swprintf.LIBCMT ref: 0038CC07
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0038CC6A
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0038CC92
                                                                                                                                  • GetTickCount.KERNEL32 ref: 0038CCB0
                                                                                                                                  • _swprintf.LIBCMT ref: 0038CCC8
                                                                                                                                  • GetLastError.KERNEL32(?,00000011), ref: 0038CCFA
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0038CD4D
                                                                                                                                  • _swprintf.LIBCMT ref: 0038CD84
                                                                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007402,winrarsfxmappingfile.tmp), ref: 0038CDD8
                                                                                                                                  • GetCommandLineW.KERNEL32 ref: 0038CDEE
                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,003C1482,00000400,00000001,00000001), ref: 0038CE45
                                                                                                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 0038CE6D
                                                                                                                                  • WaitForInputIdle.USER32(?,00002710), ref: 0038CEA1
                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 0038CEB5
                                                                                                                                  • UnmapViewOfFile.KERNEL32(?,?,0000421C,003C1482,00000400), ref: 0038CEDE
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0038CEE7
                                                                                                                                  • _swprintf.LIBCMT ref: 0038CF1A
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0038CF79
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,003A45F4), ref: 0038CF90
                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 0038CF99
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 0038CFA8
                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0038CFB7
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0038D064
                                                                                                                                  • _wcslen.LIBCMT ref: 0038D0BA
                                                                                                                                  • _swprintf.LIBCMT ref: 0038D0E4
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 0038D12E
                                                                                                                                  • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0038D148
                                                                                                                                  • GetDlgItem.USER32(?,00000068), ref: 0038D151
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0038D167
                                                                                                                                  • GetDlgItem.USER32(?,00000066), ref: 0038D181
                                                                                                                                  • SetWindowTextW.USER32(00000000,003C389A), ref: 0038D1A3
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0038D203
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0038D216
                                                                                                                                  • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001C7B0,00000000,?), ref: 0038D2B9
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 0038D393
                                                                                                                                  • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0038D3D5
                                                                                                                                    • Part of subcall function 0038D884: __EH_prolog.LIBCMT ref: 0038D889
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0038D3F9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Item$MessageText$Send$Window_swprintf$File$DialogErrorLast$H_prologLongView_wcslen$CloseCommandCountCreateDispatchEnableExecuteFocusHandleIdleInputLineMappingModuleNameParamShellSleepTickTranslateUnmapWait__vswprintf_c_l
                                                                                                                                  • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$lb:$winrarsfxmappingfile.tmp
                                                                                                                                  • API String ID: 3103142498-1160256745
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32), ref: 00381B9C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00381BAE
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00381BDF
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00381E89
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00381EA3
                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00381EB3
                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00007FFE,$M:,00000000), ref: 00381ED1
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00381F29
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00381F3E
                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,$M:,?,00000000,?,00000800), ref: 00381F92
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,$M:,00000800,?,00000000,?,00000800), ref: 00381FBC
                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,M:,00000800), ref: 00381FF8
                                                                                                                                    • Part of subcall function 00381B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00381B56
                                                                                                                                    • Part of subcall function 00381B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0038063A,Crypt32.dll,00000000,003806B4,00000200,?,00380697,00000000,00000000,?), ref: 00381B78
                                                                                                                                  • _swprintf.LIBCMT ref: 0038206A
                                                                                                                                  • _swprintf.LIBCMT ref: 003820B6
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • AllocConsole.KERNEL32 ref: 003820BE
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 003820C8
                                                                                                                                  • AttachConsole.KERNEL32(00000000), ref: 003820CF
                                                                                                                                  • _wcslen.LIBCMT ref: 003820E4
                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 003820F5
                                                                                                                                  • WriteConsoleW.KERNEL32(00000000), ref: 003820FC
                                                                                                                                  • Sleep.KERNEL32(00002710), ref: 00382107
                                                                                                                                  • FreeConsole.KERNEL32 ref: 0038210D
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00382115
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                                  • String ID: $M:$$P:$$Q:$(N:$(R:$,O:$4Q:$<M:$<P:$@N:$DO:$DR:$DXGIDebug.dll$LQ:$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$XM:$XN:$\O:$\R:$`P:$dQ:$dwmapi.dll$kernel32$pM:$pN:$tO:$uxtheme.dll$xP:$xQ:$xR:$M:$N:
                                                                                                                                  • API String ID: 1207345701-3813374564
                                                                                                                                  • Opcode ID: 79798bddc9fdf827f15d19d7130cd58146c3c65e7235cb6161dd44a75c8de0a9
                                                                                                                                  • Instruction ID: 6f9a038963ae600bc04b9140570591b9560ba2cd519531d164adcc88920fa1f0
                                                                                                                                  • Opcode Fuzzy Hash: 79798bddc9fdf827f15d19d7130cd58146c3c65e7235cb6161dd44a75c8de0a9
                                                                                                                                  • Instruction Fuzzy Hash: 98D14BB5008384AFD733EF509849B9FBAECFBC6304F51491DF2899A151DBB485498BA2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 0037ED90
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0037EDCC
                                                                                                                                    • Part of subcall function 0037D6A7: _wcslen.LIBCMT ref: 0037D6AF
                                                                                                                                    • Part of subcall function 00381907: _wcslen.LIBCMT ref: 0038190D
                                                                                                                                    • Part of subcall function 00382ED2: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0037CF18,00000000,?,?), ref: 00382EEE
                                                                                                                                  • _wcslen.LIBCMT ref: 0037F109
                                                                                                                                  • __fprintf_l.LIBCMT ref: 0037F23C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                                  • API String ID: 566448164-801612888
                                                                                                                                  • Opcode ID: ee630aa767475e1e0c244b4bf015f5f450ce3c082dedcdc8102d36e2e2437551
                                                                                                                                  • Instruction ID: 63a5079dd0c81cb264baf599e8b8987e6bbd02b4a93099aaba9c371848ca5300
                                                                                                                                  • Opcode Fuzzy Hash: ee630aa767475e1e0c244b4bf015f5f450ce3c082dedcdc8102d36e2e2437551
                                                                                                                                  • Instruction Fuzzy Hash: 1532EE71900218EFDF36EF68C841AEA37A8FF09714F41856AF9099B281E779DD81CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0038C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0038C769
                                                                                                                                    • Part of subcall function 0038C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038C77A
                                                                                                                                    • Part of subcall function 0038C758: IsDialogMessageW.USER32(00010440,?), ref: 0038C78E
                                                                                                                                    • Part of subcall function 0038C758: TranslateMessage.USER32(?), ref: 0038C79C
                                                                                                                                    • Part of subcall function 0038C758: DispatchMessageW.USER32(?), ref: 0038C7A6
                                                                                                                                  • GetDlgItem.USER32(00000068,003D1CF0), ref: 0038E62D
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,00000001,?,?,0038C9A9,003A60F0,003D1CF0,003D1CF0,00001000,?,00000000,?), ref: 0038E655
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0038E660
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,003A45F4), ref: 0038E66E
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0038E684
                                                                                                                                  • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0038E69E
                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0038E6E2
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0038E6F0
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0038E6FF
                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0038E726
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,003A549C), ref: 0038E735
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                  • String ID: \
                                                                                                                                  • API String ID: 3569833718-2967466578
                                                                                                                                  • Opcode ID: 9dcd2f62a8407a9bedc1307b2895becd4e944bf4a6f0de241f3b72413394d2e4
                                                                                                                                  • Instruction ID: 65f2d0c9d06d9bcfb7c71768a203ed691e6be705d979629e05cce3749614b78f
                                                                                                                                  • Opcode Fuzzy Hash: 9dcd2f62a8407a9bedc1307b2895becd4e944bf4a6f0de241f3b72413394d2e4
                                                                                                                                  • Instruction Fuzzy Hash: 87312871146B41BFE303DF20EC09FAB3FACFB42306F00094AF6A196190D7A559088766
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 0038E8FE
                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 0038EA2E
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0038EA61
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 0038EA6D
                                                                                                                                  • WaitForInputIdle.USER32(?,000007D0), ref: 0038EA7E
                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 0038EAA9
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0038EACF
                                                                                                                                  • ShowWindow.USER32(?,00000001), ref: 0038EB31
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_wcslen
                                                                                                                                  • String ID: .exe$.inf$Ld:
                                                                                                                                  • API String ID: 3646668279-490478523
                                                                                                                                  • Opcode ID: 3292f7d1c3281ca7a4e9656a215d93d379268848885024073f42510e4d629729
                                                                                                                                  • Instruction ID: efafb4aac5f6fad147bd3ba06fdf6244fa8e30631aeb87bc779251876d677833
                                                                                                                                  • Opcode Fuzzy Hash: 3292f7d1c3281ca7a4e9656a215d93d379268848885024073f42510e4d629729
                                                                                                                                  • Instruction Fuzzy Hash: FF51F734108380AEDB33BF65A844ABB7BE9BF81B44F09489EF9C597150E7B98944C752
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003969A3,003969A3,?,?,?,0039BD6C,00000001,00000001,62E85006), ref: 0039BB75
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0039BD6C,00000001,00000001,62E85006,?,?,?), ref: 0039BBFB
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,62E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0039BCF5
                                                                                                                                  • __freea.LIBCMT ref: 0039BD02
                                                                                                                                    • Part of subcall function 0039A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0039DBEC,00000000,?,003980B1,?,00000008,?,0039A871,?,?,?), ref: 0039A830
                                                                                                                                  • __freea.LIBCMT ref: 0039BD0B
                                                                                                                                  • __freea.LIBCMT ref: 0039BD30
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1414292761-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00020008,0038BF14,?,?,?,?,0038BF14,?), ref: 0038C333
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0038BF14,?), ref: 0038C33A
                                                                                                                                  • GetTokenInformation.KERNELBASE(0038BF14,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,?,?,0038BF14,?), ref: 0038C354
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,0038BF14,?), ref: 0038C35E
                                                                                                                                  • GetTokenInformation.KERNELBASE(0038BF14,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,?,?,0038BF14,?), ref: 0038C382
                                                                                                                                  • CopySid.ADVAPI32(00000044,0038BF14,00000000,?,?,?,?,?,0038BF14,?), ref: 0038C393
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$InformationProcess$CopyCurrentErrorLastOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3984476752-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0038ED97
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0038EDB1
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038EDC2
                                                                                                                                  • TranslateMessage.USER32(?), ref: 0038EDCC
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 0038EDD6
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0038EDE1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2148572870-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetTempPathW.KERNEL32(00000800,?), ref: 0038DFE2
                                                                                                                                    • Part of subcall function 0037CAA0: _wcslen.LIBCMT ref: 0037CAA6
                                                                                                                                  • _swprintf.LIBCMT ref: 0038E016
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,003C2892), ref: 0038E036
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 0038E143
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: %s%s%u
                                                                                                                                  • API String ID: 110358324-1360425832
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetClassNameW.USER32(?,?,00000050), ref: 0038BBD7
                                                                                                                                  • SHAutoComplete.SHLWAPI(?,00000010), ref: 0038BC0E
                                                                                                                                    • Part of subcall function 00383316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,0037D523,00000000,.exe,?,?,00000800,?,?,?,00389E5C), ref: 0038332C
                                                                                                                                  • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0038BBFE
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                  • String ID: @Ut$EDIT
                                                                                                                                  • API String ID: 4243998846-2065656831
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00381B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00381B56
                                                                                                                                    • Part of subcall function 00381B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0038063A,Crypt32.dll,00000000,003806B4,00000200,?,00380697,00000000,00000000,?), ref: 00381B78
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 0038BD34
                                                                                                                                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0038BD6B
                                                                                                                                  • SHGetMalloc.SHELL32(003BA460), ref: 0038BD75
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                  • String ID: riched20.dll$3So
                                                                                                                                  • API String ID: 3498096277-3464455743
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00378243,?,00000005,?,00000011), ref: 0037ABBF
                                                                                                                                  • GetLastError.KERNEL32(?,?,00378243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0037ABCC
                                                                                                                                  • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00378243,?,00000005,?), ref: 0037AC02
                                                                                                                                  • GetLastError.KERNEL32(?,?,00378243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0037AC0A
                                                                                                                                  • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00378243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0037AC59
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CreateErrorLast$Time
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1999340476-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0038C769
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038C77A
                                                                                                                                  • IsDialogMessageW.USER32(00010440,?), ref: 0038C78E
                                                                                                                                  • TranslateMessage.USER32(?), ref: 0038C79C
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 0038C7A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1266772231-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0038ED44
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0038ED80
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                                                  • API String ID: 1431749950-3493335439
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,?,00394D53,00000000,?,003D40C4,?,?,?,00394EF6,00000004,InitializeCriticalSectionEx,003A7424,InitializeCriticalSectionEx), ref: 00394DAF
                                                                                                                                  • GetLastError.KERNEL32(?,00394D53,00000000,?,003D40C4,?,?,?,00394EF6,00000004,InitializeCriticalSectionEx,003A7424,InitializeCriticalSectionEx,00000000,?,00394CAD), ref: 00394DB9
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00394DE1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                  • String ID: api-ms-
                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 0037A9F5
                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0037AA0D
                                                                                                                                  • GetLastError.KERNEL32 ref: 0037AA3F
                                                                                                                                  • GetLastError.KERNEL32 ref: 0037AA5E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2244327787-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,0037EA30,00000000,00000000,?,0039BE9B,0037EA30,00000000,00000000,00000000,?,0039C098,00000006,FlsSetValue), ref: 0039BF26
                                                                                                                                  • GetLastError.KERNEL32(?,0039BE9B,0037EA30,00000000,00000000,00000000,?,0039C098,00000006,FlsSetValue,003A8A00,FlsSetValue,00000000,00000364,?,0039A5E7), ref: 0039BF32
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0039BE9B,0037EA30,00000000,00000000,00000000,?,0039C098,00000006,FlsSetValue,003A8A00,FlsSetValue,00000000), ref: 0039BF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                  • Opcode ID: 5a9a0071a6aa4cce680aad6446d5bf44d6b57bb7439f5f9250c89c2ae46b15e5
                                                                                                                                  • Instruction ID: e0afbcac397a325e8cfe3c712568818f0c7e1b33f2f0f4b4549f202485a18d7b
                                                                                                                                  • Opcode Fuzzy Hash: 5a9a0071a6aa4cce680aad6446d5bf44d6b57bb7439f5f9250c89c2ae46b15e5
                                                                                                                                  • Instruction Fuzzy Hash: 3701A7326152269BCF239B69BD48A57FB9CEF86BA1B160620F91BD7150D760DC00CAE0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadStringW.USER32(?,?,00000200,?), ref: 0037F998
                                                                                                                                  • LoadStringW.USER32(?,?,00000200), ref: 0037F9AF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LoadString
                                                                                                                                  • String ID: p0;
                                                                                                                                  • API String ID: 2948472770-3321720469
                                                                                                                                  • Opcode ID: 42fc0874e0c1486b0bf0716acacc52429b72bec4c6481fb482d2bd209b17d3de
                                                                                                                                  • Instruction ID: 4062e90049ea0c45c22797c6bf12a9a108166a323a6ee5e2ebee97cab74a99fb
                                                                                                                                  • Opcode Fuzzy Hash: 42fc0874e0c1486b0bf0716acacc52429b72bec4c6481fb482d2bd209b17d3de
                                                                                                                                  • Instruction Fuzzy Hash: 8CF0743610122ABBDF125F65EC049AA7F6EFF0A395B008425FE0996120D6329960EBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,?,?,?,?,0037E79B,00000001,?,?,?,00000000,003866C2,?,?,?), ref: 0037B22E
                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,003866C2,?,?,?,?,?,00386184,?), ref: 0037B275
                                                                                                                                  • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0037E79B,00000001,?,?), ref: 0037B2A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite$Handle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4209713984-0
                                                                                                                                  • Opcode ID: 622786827a3d1304e16ae9fd73d008c4937e0a6fee97dddc7aad511d8db4f1fe
                                                                                                                                  • Instruction ID: 46ba8e0ef7efddbb8b89be54f20efdc56a23b70f692149c82e498c421bcea2e3
                                                                                                                                  • Opcode Fuzzy Hash: 622786827a3d1304e16ae9fd73d008c4937e0a6fee97dddc7aad511d8db4f1fe
                                                                                                                                  • Instruction Fuzzy Hash: B031E231249305AFDB26CF10D808BAEB7B9FB85714F04891CF58967290CB789D48CBA2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0037D68B: _wcslen.LIBCMT ref: 0037D691
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B569
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B59C
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B5B9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2260680371-0
                                                                                                                                  • Opcode ID: 2581f93e8a87569024c7e371140215d30ec54c8ee3aa78dc186719ef863f4795
                                                                                                                                  • Instruction ID: 70c683a38c7364ab749e80fc4a669fa8cb9dd8d7361c69ad5bb6fcbbf22d17f6
                                                                                                                                  • Opcode Fuzzy Hash: 2581f93e8a87569024c7e371140215d30ec54c8ee3aa78dc186719ef863f4795
                                                                                                                                  • Instruction Fuzzy Hash: 8701D831204210AAEF33AB745C45BEEB67C9F07790F058414F90AEA081DB7CDA8197A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0039CA78
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Info
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1807457897-3916222277
                                                                                                                                  • Opcode ID: a381a74f8870123bd3dec25a76bf5f1bc780d1f464bced365310982942f5c23c
                                                                                                                                  • Instruction ID: 28d914d76cb9b89fad77e1a821a01d6832548d0a26626b1818c5a0865ebb24cf
                                                                                                                                  • Opcode Fuzzy Hash: a381a74f8870123bd3dec25a76bf5f1bc780d1f464bced365310982942f5c23c
                                                                                                                                  • Instruction Fuzzy Hash: 6241F6B151428C9EDF238E68CC85AF6BBBDEB45308F1418EDE58A86142D235AE459F60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,62E85006,00000001,?,?), ref: 0039C19D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String
                                                                                                                                  • String ID: LCMapStringEx
                                                                                                                                  • API String ID: 2568140703-3893581201
                                                                                                                                  • Opcode ID: 7e5e652497e167a6ff4f05384638939755de188214e4cdffa2aea1cbd82f2ad6
                                                                                                                                  • Instruction ID: 6c14f690b54e935fc73f600181332dd463250f4cd1a1b09abdad316aaa218a5f
                                                                                                                                  • Opcode Fuzzy Hash: 7e5e652497e167a6ff4f05384638939755de188214e4cdffa2aea1cbd82f2ad6
                                                                                                                                  • Instruction Fuzzy Hash: 9301133254110DBBCF079F90DC02DEE7FA6EB4D750F014515FE0425161CB728971AB84
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0039B72F), ref: 0039C115
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                  • String ID: InitializeCriticalSectionEx
                                                                                                                                  • API String ID: 2593887523-3084827643
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Alloc
                                                                                                                                  • String ID: FlsAlloc
                                                                                                                                  • API String ID: 2773662609-671089009
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038FD6A
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID: 3So
                                                                                                                                  • API String ID: 1269201914-1105799393
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0039C97B: GetOEMCP.KERNEL32(00000000,?,?,0039CC04,?), ref: 0039C9A6
                                                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0039CC49,?,00000000), ref: 0039CE24
                                                                                                                                  • GetCPInfo.KERNEL32(00000000,0039CC49,?,?,?,0039CC49,?,00000000), ref: 0039CE37
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 546120528-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,?,?,?,-000018C0,00000000,00000800,?,0037ACB0,?,?,00000000,?,?,00379C8B,?), ref: 0037AE3A
                                                                                                                                  • GetLastError.KERNEL32(?,?,00379C8B,?,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000), ref: 0037AE49
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0039A515: GetLastError.KERNEL32(?,003B3070,00395982,003B3070,?,?,00395281,00000050,?,003B3070,00000200), ref: 0039A519
                                                                                                                                    • Part of subcall function 0039A515: _free.LIBCMT ref: 0039A54C
                                                                                                                                    • Part of subcall function 0039A515: SetLastError.KERNEL32(00000000,?,003B3070,00000200), ref: 0039A58D
                                                                                                                                    • Part of subcall function 0039A515: _abort.LIBCMT ref: 0039A593
                                                                                                                                    • Part of subcall function 0039CD0E: _abort.LIBCMT ref: 0039CD40
                                                                                                                                    • Part of subcall function 0039CD0E: _free.LIBCMT ref: 0039CD74
                                                                                                                                    • Part of subcall function 0039C97B: GetOEMCP.KERNEL32(00000000,?,?,0039CC04,?), ref: 0039C9A6
                                                                                                                                  • _free.LIBCMT ref: 0039CC5F
                                                                                                                                  • _free.LIBCMT ref: 0039CC95
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2991157371-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00377ED0,?,?,?,00000000), ref: 0037B04C
                                                                                                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 0037B100
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1392018926-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,0037B1B7,?,?,003781FD), ref: 0037A946
                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,0037B1B7,?,?,003781FD), ref: 0037A976
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                  • Opcode ID: 7524bfdffe42aeff427dc81b17ee21d305140e3da7276978017dea0f5ac232a5
                                                                                                                                  • Instruction ID: c6e796bbc4f5e8780f9e4db7b973c8cad0cf0ce0e3ea59983c97e5b24feeb2b5
                                                                                                                                  • Opcode Fuzzy Hash: 7524bfdffe42aeff427dc81b17ee21d305140e3da7276978017dea0f5ac232a5
                                                                                                                                  • Instruction Fuzzy Hash: 222108710007446EE3319A25CC44BB776DCEB8A321F11461CFAD9C61C1C778A884D672
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00371F35
                                                                                                                                    • Part of subcall function 003742F1: __EH_prolog.LIBCMT ref: 003742F6
                                                                                                                                  • _wcslen.LIBCMT ref: 00371FDA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2838827086-0
                                                                                                                                  • Opcode ID: 3aae6f4bc34b8233bd3dcb057080753b88f030963c6fe08fae49005057e9469e
                                                                                                                                  • Instruction ID: 89c2b90198778deacd0796b2dcaa63c05a7b54872476e61646b58eac822a4f70
                                                                                                                                  • Opcode Fuzzy Hash: 3aae6f4bc34b8233bd3dcb057080753b88f030963c6fe08fae49005057e9469e
                                                                                                                                  • Instruction Fuzzy Hash: 78217F72904219AFCF22AF98C8519EEFBB5FF08300F10456DF449BB661C7795A51CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,003D40C4,?,?,?,00394EF6,00000004,InitializeCriticalSectionEx,003A7424,InitializeCriticalSectionEx,00000000,?,00394CAD,003D40C4,00000FA0), ref: 00394D85
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00394D8F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3013587201-0
                                                                                                                                  • Opcode ID: 83b31718dd32cf6319a0913ac5f9e094f4b6243b2c3aa7305b8fe118c8fd3e55
                                                                                                                                  • Instruction ID: 5e6a133176a5dea7eb92684e48accc7a72092613423187ecf816df4fd0aaa8a6
                                                                                                                                  • Opcode Fuzzy Hash: 83b31718dd32cf6319a0913ac5f9e094f4b6243b2c3aa7305b8fe118c8fd3e55
                                                                                                                                  • Instruction Fuzzy Hash: 2211907A601515AF9F23DFA8EC80DAA73A9FF46360B260169E905DB251E730DD02DBD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 0037B157
                                                                                                                                  • GetLastError.KERNEL32 ref: 0037B164
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                  • Opcode ID: 3cf4b899a8268f24da45f653f4ce1b49d25a6dfc00d20c2e357fb9a4bf9efe50
                                                                                                                                  • Instruction ID: cdb5cc32b23305b082cf7ab277157371e6395b7b0c54839aa895a7bb0d78ab82
                                                                                                                                  • Opcode Fuzzy Hash: 3cf4b899a8268f24da45f653f4ce1b49d25a6dfc00d20c2e357fb9a4bf9efe50
                                                                                                                                  • Instruction Fuzzy Hash: 39110E30600300ABD7379A28C855BA6F3F8AB45370FA1C628E16B939C0E3B8AD04C760
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0037D6A7: _wcslen.LIBCMT ref: 0037D6AF
                                                                                                                                    • Part of subcall function 00383338: _wcslen.LIBCMT ref: 00383340
                                                                                                                                    • Part of subcall function 00383338: _wcslen.LIBCMT ref: 00383351
                                                                                                                                    • Part of subcall function 00383338: _wcslen.LIBCMT ref: 00383361
                                                                                                                                    • Part of subcall function 00383338: _wcslen.LIBCMT ref: 0038336F
                                                                                                                                    • Part of subcall function 00383338: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0037C844,?,?,00000000,?,?,?), ref: 0038338A
                                                                                                                                    • Part of subcall function 0038BC19: SetCurrentDirectoryW.KERNELBASE(?,0038BFF6,003C1890,00000000,003C2892,00000006), ref: 0038BC1D
                                                                                                                                  • _wcslen.LIBCMT ref: 0038C00F
                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,?,?,003C2892,00000006), ref: 0038C048
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CompareCurrentDirectoryFileOperationString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1016385243-0
                                                                                                                                  • Opcode ID: 6e9e9453cf3ee46ae493da4a8a176fca7b96cc8c1f652840e8ebd34c299d2168
                                                                                                                                  • Instruction ID: 55409090a3aa4d5b11e76e38ced8d079c46d2b9f9344bce9e848736c5a0b0593
                                                                                                                                  • Opcode Fuzzy Hash: 6e9e9453cf3ee46ae493da4a8a176fca7b96cc8c1f652840e8ebd34c299d2168
                                                                                                                                  • Instruction Fuzzy Hash: 18017171D00319A5DF23BBA4DD0AEDF72FCAF08744F0004A5F604E6195EBB496848BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 0039A6C5
                                                                                                                                    • Part of subcall function 0039A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0039DBEC,00000000,?,003980B1,?,00000008,?,0039A871,?,?,?), ref: 0039A830
                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,?,?,?,?,003B30C4,0037187A,?,?,00000007,?,?,?,003713F2,?,00000000), ref: 0039A701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$AllocAllocate_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2447670028-0
                                                                                                                                  • Opcode ID: c05ee0844c84a93b096e471760a17a770fb98fa46575a0a374a8ad7ecac0e90a
                                                                                                                                  • Instruction ID: fa6c9e23ed6c62c886fdac82d9019ede3399715f2d68aef5907a70834a2422ad
                                                                                                                                  • Opcode Fuzzy Hash: c05ee0844c84a93b096e471760a17a770fb98fa46575a0a374a8ad7ecac0e90a
                                                                                                                                  • Instruction Fuzzy Hash: 24F06832101D1567DF232A656C01F6B376C9FC1BA0B2A4315F8156A591EA309C4095E7
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 003823CA
                                                                                                                                  • GetProcessAffinityMask.KERNEL32(00000000), ref: 003823D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1231390398-0
                                                                                                                                  • Opcode ID: 9aec6d01aaa0c94adab878c84df54d391701391b3eb1083babc1fb69c1d1a14e
                                                                                                                                  • Instruction ID: 03b296a1f300ba5d4cb7d0c5d6ae249bb2a8d7bdb0b5f70c554ad82e9714209d
                                                                                                                                  • Opcode Fuzzy Hash: 9aec6d01aaa0c94adab878c84df54d391701391b3eb1083babc1fb69c1d1a14e
                                                                                                                                  • Instruction Fuzzy Hash: 6CE0D83AB10205A78F0B97F4AC158EFB3DCDA8430471141B5A503E3500F9F8DD0557A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B8FA
                                                                                                                                    • Part of subcall function 0037CF32: _wcslen.LIBCMT ref: 0037CF56
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B92B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2673547680-0
                                                                                                                                  • Opcode ID: eaf10af76f069145f7d658f48b7118e5e6fd02c59abb48f14ff9f6116918b9fd
                                                                                                                                  • Instruction ID: c860f79e6125c53450defa084246cb9d3326c0740a7c83a2c60be382f26ab880
                                                                                                                                  • Opcode Fuzzy Hash: eaf10af76f069145f7d658f48b7118e5e6fd02c59abb48f14ff9f6116918b9fd
                                                                                                                                  • Instruction Fuzzy Hash: A2F0A931104209BBDF22AFA0CC00BDA776CBF093C5F01C060BA58DA164DB71DD94AB20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNELBASE(?,00000000,?,0037A438,?,?,?,?,0037892B,?,?,?,003A380F,000000FF), ref: 0037B481
                                                                                                                                    • Part of subcall function 0037CF32: _wcslen.LIBCMT ref: 0037CF56
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000800,?,0037A438,?,?,?,?,0037892B,?,?,?,003A380F,000000FF), ref: 0037B4AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DeleteFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2643169976-0
                                                                                                                                  • Opcode ID: 53b06cd16fd513185a4f5530b211f793800878d335e1c8db4fade7b065c7b48e
                                                                                                                                  • Instruction ID: fd80fbc30fa427b825ef3473c7ac87fd944c1622769c0544cac6c9076c5b4019
                                                                                                                                  • Opcode Fuzzy Hash: 53b06cd16fd513185a4f5530b211f793800878d335e1c8db4fade7b065c7b48e
                                                                                                                                  • Instruction Fuzzy Hash: 8EE092321502096BEB13AB61CC41FDB776DAF09382F448065FA49D6091DB68DD84AB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GdiplusShutdown.GDIPLUS(?,?,?,?,003A380F,000000FF), ref: 0038BDB5
                                                                                                                                  • OleUninitialize.OLE32(?,?,?,?,003A380F,000000FF), ref: 0038BDBA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GdiplusShutdownUninitialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3856339756-0
                                                                                                                                  • Opcode ID: 20f3fd950d14547909dd7083551d1739299a90e60e023139cf7ab4132ff7dfc8
                                                                                                                                  • Instruction ID: 6bfd6db68acdc74f47f49a05c8c195109b2142652ce79668d5fb3f22591668b7
                                                                                                                                  • Opcode Fuzzy Hash: 20f3fd950d14547909dd7083551d1739299a90e60e023139cf7ab4132ff7dfc8
                                                                                                                                  • Instruction Fuzzy Hash: 1BE06572504A50EFC712DB4DDC05B49FBADFB89B24F104366F41593760CB746801CA90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 0038F02C
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • SetDlgItemTextW.USER32(00000065,?), ref: 0038F043
                                                                                                                                    • Part of subcall function 0038C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0038C769
                                                                                                                                    • Part of subcall function 0038C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038C77A
                                                                                                                                    • Part of subcall function 0038C758: IsDialogMessageW.USER32(00010440,?), ref: 0038C78E
                                                                                                                                    • Part of subcall function 0038C758: TranslateMessage.USER32(?), ref: 0038C79C
                                                                                                                                    • Part of subcall function 0038C758: DispatchMessageW.USER32(?), ref: 0038C7A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2718869927-0
                                                                                                                                  • Opcode ID: 11a1efe730e7e174ce0f87bc719474e1772a57e7521f8b0441c0fadd581683b3
                                                                                                                                  • Instruction ID: 858e3a39630e7c4ece2bdcf2eccba140d68547694baef59f0009af8ecd7b3b64
                                                                                                                                  • Opcode Fuzzy Hash: 11a1efe730e7e174ce0f87bc719474e1772a57e7521f8b0441c0fadd581683b3
                                                                                                                                  • Instruction Fuzzy Hash: 42E092764147487ADF13B765DC0AFAA3AAC6F0538AF0404A1B3459A1A2D6B8D6108B62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,0037B4CA,?,00378042,?), ref: 0037B4E4
                                                                                                                                    • Part of subcall function 0037CF32: _wcslen.LIBCMT ref: 0037CF56
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,?,0037B4CA,?,00378042,?), ref: 0037B510
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2673547680-0
                                                                                                                                  • Opcode ID: 796605556a8d428f95021b4c634b4a854e197f2c6843a8ac7689c00bb6e0ccd8
                                                                                                                                  • Instruction ID: e7b4c6b27e1db5c56f90e5fdc76db6f1501301fd7e50589eebdbc0431fc63cd7
                                                                                                                                  • Opcode Fuzzy Hash: 796605556a8d428f95021b4c634b4a854e197f2c6843a8ac7689c00bb6e0ccd8
                                                                                                                                  • Instruction Fuzzy Hash: 39E012315402286BCB22EB64DC09BD9B76CAB4A3E1F054160FE59E7195D7B49D409BD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00381B56
                                                                                                                                  • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0038063A,Crypt32.dll,00000000,003806B4,00000200,?,00380697,00000000,00000000,?), ref: 00381B78
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1175261203-0
                                                                                                                                  • Opcode ID: 4013ca35af91629a81296d27364f06547c47317e47dc544c16978b7427fbf96b
                                                                                                                                  • Instruction ID: e48cf8f6d49080a51df2ffb5c9dafe79a4674b1e26694081957dac8801f186aa
                                                                                                                                  • Opcode Fuzzy Hash: 4013ca35af91629a81296d27364f06547c47317e47dc544c16978b7427fbf96b
                                                                                                                                  • Instruction Fuzzy Hash: DBE048765002186BDB12A7A4DC04FDB776CEF493C1F0404B5B649D2004DAB4DA84DBB0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0038B3E9
                                                                                                                                  • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0038B3F0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BitmapCreateFromGdipStream
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1918208029-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00393D3A
                                                                                                                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00393D45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1660781231-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemShowWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3351165006-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 003712C1
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000), ref: 003712C8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallbackDispatcherItemUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4250310104-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 003790A7
                                                                                                                                    • Part of subcall function 003713F8: __EH_prolog.LIBCMT ref: 003713FD
                                                                                                                                    • Part of subcall function 00372032: __EH_prolog.LIBCMT ref: 00372037
                                                                                                                                    • Part of subcall function 0037B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0037B991
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$CloseFind
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2506663941-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 003713FD
                                                                                                                                    • Part of subcall function 00376891: __EH_prolog.LIBCMT ref: 00376896
                                                                                                                                    • Part of subcall function 0037E298: __EH_prolog.LIBCMT ref: 0037E29D
                                                                                                                                    • Part of subcall function 0037644D: __EH_prolog.LIBCMT ref: 00376452
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 003713FD
                                                                                                                                    • Part of subcall function 00376891: __EH_prolog.LIBCMT ref: 00376896
                                                                                                                                    • Part of subcall function 0037E298: __EH_prolog.LIBCMT ref: 0037E29D
                                                                                                                                    • Part of subcall function 0037644D: __EH_prolog.LIBCMT ref: 00376452
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: a39c30ac7531fa495a5d4612e45e4893af4ec0b4bd9e01ed950455f254bc6c96
                                                                                                                                  • Instruction ID: 7550441ceb90c06721b4f9f3f4c552cf37f2af9b554a134bf2a1e090ae8aa0f6
                                                                                                                                  • Opcode Fuzzy Hash: a39c30ac7531fa495a5d4612e45e4893af4ec0b4bd9e01ed950455f254bc6c96
                                                                                                                                  • Instruction Fuzzy Hash: B15145B19063808ECB25DF6994812D9BBF5AF5A300F0842BEEC5DCF68BD7751214CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 0038C21C
                                                                                                                                    • Part of subcall function 003713F8: __EH_prolog.LIBCMT ref: 003713FD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: 698686858d3af002cfbe241e98a0970798f53b09898618060bcf3e3df1332de8
                                                                                                                                  • Instruction ID: cc3abaa3e1a3feea6a4a2746293ad1f297219685ba73392f3b33bc927d6bcf3f
                                                                                                                                  • Opcode Fuzzy Hash: 698686858d3af002cfbe241e98a0970798f53b09898618060bcf3e3df1332de8
                                                                                                                                  • Instruction Fuzzy Hash: 39216B72814319AFCF26EF98C8419EEB7B4BF05304F1044AAE809B7241D7796A45EB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,003A4ADC), ref: 0039BEB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190572456-0
                                                                                                                                  • Opcode ID: 3fb4640ad71c1bf2b172cad2eee200033f32afa7b8716f22d42a30da189feb4e
                                                                                                                                  • Instruction ID: f7883f8592a5399347653cbd491e90a55f56bba9987abe4ef90192d7736e2a52
                                                                                                                                  • Opcode Fuzzy Hash: 3fb4640ad71c1bf2b172cad2eee200033f32afa7b8716f22d42a30da189feb4e
                                                                                                                                  • Instruction Fuzzy Hash: 2A11BC33E005259FDF279E29F9419ABB3ADAB80364B164220EB55AB244DB31EC018AD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: 554fb61a81906a4fdff150e28db6137fe1d898bd9ee3c9b99a6ff42a11749557
                                                                                                                                  • Instruction ID: c417ade2de8c5c0be824de7d9ec751a73c0514bb187f00aed66d75ef75581443
                                                                                                                                  • Opcode Fuzzy Hash: 554fb61a81906a4fdff150e28db6137fe1d898bd9ee3c9b99a6ff42a11749557
                                                                                                                                  • Instruction Fuzzy Hash: 911194369009299B8B37EB69C885ABEB7B4AF84710B018119F819BB341D7799D018791
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 0038EBA7
                                                                                                                                    • Part of subcall function 00381983: _wcslen.LIBCMT ref: 00381999
                                                                                                                                    • Part of subcall function 00378823: __EH_prolog.LIBCMT ref: 00378828
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2838827086-0
                                                                                                                                  • Opcode ID: 8e0d9e66e9406cdef154fbd90f77add6812170a5ca06e9d54b6f06dc7cfb44a6
                                                                                                                                  • Instruction ID: 3a041d5a1584df7c0a51b86fd76d482766484e15917a6e923749ef18f052bddb
                                                                                                                                  • Opcode Fuzzy Hash: 8e0d9e66e9406cdef154fbd90f77add6812170a5ca06e9d54b6f06dc7cfb44a6
                                                                                                                                  • Instruction Fuzzy Hash: 5E11C435518244AED717EB69AC06FDC7FA8DB15310F0080AEF148DA292DFB42A84CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0039C2F6: RtlAllocateHeap.NTDLL(00000008,003A4ADC,00000000,?,0039A5CA,00000001,00000364,?,?,?,0037ECA4,?,?,?,00000004,0037EA30), ref: 0039C337
                                                                                                                                  • _free.LIBCMT ref: 0039D6A5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 614378929-0
                                                                                                                                  • Opcode ID: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
                                                                                                                                  • Instruction ID: 6b58c7e07aacae3a12ec1a51388763954149d4992b8c8e653250d0cabd937cf7
                                                                                                                                  • Opcode Fuzzy Hash: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
                                                                                                                                  • Instruction Fuzzy Hash: C5014E732003055BEB229F59CC42D5AFBECFB95330F65061DE5D847280E630A805C774
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,003A4ADC,00000000,?,0039A5CA,00000001,00000364,?,?,?,0037ECA4,?,?,?,00000004,0037EA30), ref: 0039C337
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 1d13e5d9f8306aebdd3f74d30bc94e3ce89a397d3f79c1350db78863db09758e
                                                                                                                                  • Instruction ID: 722650edda6e8526570bef8f8e70ab68a78e727e105dae751408fa4dee20f76f
                                                                                                                                  • Opcode Fuzzy Hash: 1d13e5d9f8306aebdd3f74d30bc94e3ce89a397d3f79c1350db78863db09758e
                                                                                                                                  • Instruction Fuzzy Hash: 14F0E939621524A7DF235B659C86B9B374C9F857A1B16E111F808DB190DB38D900D2E1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0039DBEC,00000000,?,003980B1,?,00000008,?,0039A871,?,?,?), ref: 0039A830
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 738ddf3b3007c4440c4eebec379d0df41d7d6d2de23634b0dfd4d9402fd45297
                                                                                                                                  • Instruction ID: 65b93b5e3782c5e1020099112ebb7faf0959277d51be02687539b66e10fe2dba
                                                                                                                                  • Opcode Fuzzy Hash: 738ddf3b3007c4440c4eebec379d0df41d7d6d2de23634b0dfd4d9402fd45297
                                                                                                                                  • Instruction Fuzzy Hash: 97E06531609E2156EE332666AC05B6B3E4CDB827A0F160321EC1996192DF60CC02C1E3
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,0037A83D,?,?,?,?,?,003A380F,000000FF), ref: 0037A89B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ChangeCloseFindNotification
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2591292051-0
                                                                                                                                  • Opcode ID: cc35542d5378903306d03c2a47d99e34e3a5bc931e8ce267abdef60f9df30e64
                                                                                                                                  • Instruction ID: 3089d73e5a7e6c6c771c1bd59c2e370ce2d57aa7c2a1c7081c4e8c8a7bfc5539
                                                                                                                                  • Opcode Fuzzy Hash: cc35542d5378903306d03c2a47d99e34e3a5bc931e8ce267abdef60f9df30e64
                                                                                                                                  • Instruction Fuzzy Hash: AFF0E930081F11AFDB328A24C488796FBE4AF52325F058B5ED0EB438E4D368658E9642
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0037BA94: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BABD
                                                                                                                                    • Part of subcall function 0037BA94: FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BAEB
                                                                                                                                    • Part of subcall function 0037BA94: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0037B98B,000000FF,?,?), ref: 0037BAF7
                                                                                                                                  • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0037B991
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1464966427-0
                                                                                                                                  • Opcode ID: 0d01404644fbf12672b41ee9e7601c05fc54ff962baa746c36335b8790fdbdf4
                                                                                                                                  • Instruction ID: abee2a0ca3ca031133dc0620f7bb61aa036c90a10ca92e5509a1a91740b32301
                                                                                                                                  • Opcode Fuzzy Hash: 0d01404644fbf12672b41ee9e7601c05fc54ff962baa746c36335b8790fdbdf4
                                                                                                                                  • Instruction Fuzzy Hash: 23F05E32008790AACA736BB448057CAFBE45F1B335F10CA49F3FD52292C3B850959722
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetThreadExecutionState.KERNEL32(00000001), ref: 0038215D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExecutionStateThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2211380416-0
                                                                                                                                  • Opcode ID: 6cdb0c8e0aca5221987408bf2498abeab35923793502e27f96d4983919e4a636
                                                                                                                                  • Instruction ID: 8a57ef8c22a4638652c528f5387dd708f8865dd8cb7333fddf0f156eab4aa1fb
                                                                                                                                  • Opcode Fuzzy Hash: 6cdb0c8e0aca5221987408bf2498abeab35923793502e27f96d4983919e4a636
                                                                                                                                  • Instruction Fuzzy Hash: 13D0122171422056DA27373868597FE1A4A6FD6324F1A00E6B70A5B2978B98094293B5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GdipAlloc.GDIPLUS(00000010), ref: 0038B63C
                                                                                                                                    • Part of subcall function 0038B3C8: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0038B3E9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1915507550-0
                                                                                                                                  • Opcode ID: 67c6c0b1a9f8045d953eebf11179e7c179da5fb7bf356439fdf6af47a3be8cb5
                                                                                                                                  • Instruction ID: 2da456c47ecab2b52d5fabc1b26086cfd7c73d46ad3f11990d83ff8875ca25af
                                                                                                                                  • Opcode Fuzzy Hash: 67c6c0b1a9f8045d953eebf11179e7c179da5fb7bf356439fdf6af47a3be8cb5
                                                                                                                                  • Instruction Fuzzy Hash: DED0A73020430ABADF033B608C02A7EBA989B00340F008071B90199191FBF1D9205351
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • DloadProtectSection.DELAYIMP ref: 0038F76F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DloadProtectSection
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2203082970-0
                                                                                                                                  • Opcode ID: 33fddb9b7941e4e25a4913c2a5867f7ffa186b5f70b848f6d8d5fda299f9b7fb
                                                                                                                                  • Instruction ID: eab3472b9e9dc53f90f713431c42fe14e7e3d43df58087d250ea58004850e11e
                                                                                                                                  • Opcode Fuzzy Hash: 33fddb9b7941e4e25a4913c2a5867f7ffa186b5f70b848f6d8d5fda299f9b7fb
                                                                                                                                  • Instruction Fuzzy Hash: F3D012385593149EE213FB74BC4675423A9F309388F5505B2F55185291C7644B508B12
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00382E88), ref: 0038EEE2
                                                                                                                                    • Part of subcall function 0038C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0038C769
                                                                                                                                    • Part of subcall function 0038C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038C77A
                                                                                                                                    • Part of subcall function 0038C758: IsDialogMessageW.USER32(00010440,?), ref: 0038C78E
                                                                                                                                    • Part of subcall function 0038C758: TranslateMessage.USER32(?), ref: 0038C79C
                                                                                                                                    • Part of subcall function 0038C758: DispatchMessageW.USER32(?), ref: 0038C7A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 897784432-0
                                                                                                                                  • Opcode ID: e3cebd4ce8c16196f651e2bfe70c02e550766ed29df39ef2d92da55e9e579432
                                                                                                                                  • Instruction ID: 91cb0551a8338c4a8f635e447ec3f47f0618b4a5b48f5cb782b9257c6ec97916
                                                                                                                                  • Opcode Fuzzy Hash: e3cebd4ce8c16196f651e2bfe70c02e550766ed29df39ef2d92da55e9e579432
                                                                                                                                  • Instruction Fuzzy Hash: 16D09E31155700BED6033B51DD06F0A7BE6BB98B09F004595B345340B186629D219B12
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetFileType.KERNELBASE(000000FF,0037AA1E), ref: 0037AB28
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileType
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3081899298-0
                                                                                                                                  • Opcode ID: bf3183d22e0a73cd3c0f0eb26b0bb509129f7564b2ed9345a9150ea05f6b3715
                                                                                                                                  • Instruction ID: b6acff0298e870033d2ddab056b56e9451f5dd093aaed8bb6fd1f15af31b63fa
                                                                                                                                  • Opcode Fuzzy Hash: bf3183d22e0a73cd3c0f0eb26b0bb509129f7564b2ed9345a9150ea05f6b3715
                                                                                                                                  • Instruction Fuzzy Hash: E4C01234000505C58E324B24984405D7623EAD23667B5D395C06CC50E1C32A8C43F502
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: efd1e3c6fb6fcd05d046af64ede7d0689623d0afdbc7ca823cc70a3f39608cf2
                                                                                                                                  • Instruction ID: 7884bc7dc70463c6153d6fe9ede35089058f43bd93aab85a5c2bac29f23c97e0
                                                                                                                                  • Opcode Fuzzy Hash: efd1e3c6fb6fcd05d046af64ede7d0689623d0afdbc7ca823cc70a3f39608cf2
                                                                                                                                  • Instruction Fuzzy Hash: 5BB0128A2682037F3A0771503C07D76031CC5C0B11330407FF001C4440E4C40C011131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: d1a552d1d6e41eeae679169aa777a71262a983600682de80f94134c0bbb3ffb9
                                                                                                                                  • Instruction ID: 8508c7e1b6e44b78db2f9741abc85e242c34c1456803cd5d9df8e91bf585e955
                                                                                                                                  • Opcode Fuzzy Hash: d1a552d1d6e41eeae679169aa777a71262a983600682de80f94134c0bbb3ffb9
                                                                                                                                  • Instruction Fuzzy Hash: 9BB0128E2693037E3A47B1543C03E37031CC1C1B11334407FF001C4540D4C00C011331
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: ae3d391146d3b8946c41efd2dbc65a921169a80e9a561dfaf76277d2e558c36f
                                                                                                                                  • Instruction ID: 2165329a6a554c8f3b6bf9a8a83e7578388cc2621b37eae0159a5760b11d3fd5
                                                                                                                                  • Opcode Fuzzy Hash: ae3d391146d3b8946c41efd2dbc65a921169a80e9a561dfaf76277d2e558c36f
                                                                                                                                  • Instruction Fuzzy Hash: B1B0128E2693027E3E87B1543C03E37035CC1C0B10334417FF001C4540D4C00C415231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 3ff6fd0be78edab1d8bfc03cfd46876df553eddf053635fda7bbfac664f43e2e
                                                                                                                                  • Instruction ID: b9d1f4e1810b0581a9d1e622054c846c5553eb916a6dd5b244d0459bc3694c29
                                                                                                                                  • Opcode Fuzzy Hash: 3ff6fd0be78edab1d8bfc03cfd46876df553eddf053635fda7bbfac664f43e2e
                                                                                                                                  • Instruction Fuzzy Hash: 30B0128E2693027E3A47B1543C03E3B031CC1C1B14334807FF401C4540D4C00C011231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: dfa9a6f257265c3171112f4e15207d2d65e67617c9ea9f0ebd3db83f3ff06e7a
                                                                                                                                  • Instruction ID: 46f3766ff557f558f622c55d3e76d7be98fd30d93732196f72b1e35a4ff07d79
                                                                                                                                  • Opcode Fuzzy Hash: dfa9a6f257265c3171112f4e15207d2d65e67617c9ea9f0ebd3db83f3ff06e7a
                                                                                                                                  • Instruction Fuzzy Hash: 4EB0128A278303BE3A47B1587C03E36032CC1C0B11330417FF001C4540D4C00C011631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%


                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 4c51210f2b01f4092fd859559b9979913ccb7ab19e5e7bc7228f34d5955b9554
                                                                                                                                  • Instruction ID: 64c3eb94eae537ad9e7512d1c16f290d3f86580b2d8e741430ce06b65aed27bd
                                                                                                                                  • Opcode Fuzzy Hash: 4c51210f2b01f4092fd859559b9979913ccb7ab19e5e7bc7228f34d5955b9554
                                                                                                                                  • Instruction Fuzzy Hash: ABB0129A2682037E3A47B1657C03E36031CC1C0B12330407FF001C8540D4C00C011231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 80da9607242bf62e666b6b3c2a5bf9dc5057dce37f51e48616b71a9858515ed6
                                                                                                                                  • Instruction ID: 16356ff93fa1ffe6ec0e5fb3146e40129459e166e34026f437258c0f79d64a1d
                                                                                                                                  • Opcode Fuzzy Hash: 80da9607242bf62e666b6b3c2a5bf9dc5057dce37f51e48616b71a9858515ed6
                                                                                                                                  • Instruction Fuzzy Hash: 4AB012C62E97007F320772553C13E36010CC0C7B11330807BF001C5540D5804D400331
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: cccbe13bdbc5f0c40c60d1db3723497b146ab8f9073d02f8c5e08a0f9ae4b1d2
                                                                                                                                  • Instruction ID: f7e5353fb22164359e2564f08204fb48bb577be9d338733c3cd40ecbbfe48c01
                                                                                                                                  • Opcode Fuzzy Hash: cccbe13bdbc5f0c40c60d1db3723497b146ab8f9073d02f8c5e08a0f9ae4b1d2
                                                                                                                                  • Instruction Fuzzy Hash: E0B012C62A97007F370772553C03D36014CC4C6B10330417BF001C5540D5804D840231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: daba16edf00dc46e3ab9458c0d6f93d65cc91b0c1c705152cc876e07486cec13
                                                                                                                                  • Instruction ID: e00496b8795848a02ec191339daf779cb2388ad85c39dd4285d288e079fc4318
                                                                                                                                  • Opcode Fuzzy Hash: daba16edf00dc46e3ab9458c0d6f93d65cc91b0c1c705152cc876e07486cec13
                                                                                                                                  • Instruction Fuzzy Hash: 30B012C62B86007F320772557C13E36010CC0C6B11330827BF001C5540D5804D400231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 369efe63492e71aa8864720bc534b4842290f2ed5a69851aca8b8979866bba94
                                                                                                                                  • Instruction ID: 33d160604f1ec047261e285c28d2b6bd921086c2efdb316ccd4d0605234378b3
                                                                                                                                  • Opcode Fuzzy Hash: 369efe63492e71aa8864720bc534b4842290f2ed5a69851aca8b8979866bba94
                                                                                                                                  • Instruction Fuzzy Hash: 5BB012C73782017D320771643D03D36010CC0C4B14330837BF001C8584E5810C050731
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 48b7df76310f6653c39082504ffd138496fe655d052d94fa51da512c725414ed
                                                                                                                                  • Instruction ID: 623c3d180d85d8770f45096d706f665d9840e801f87d0c16d8324e68df885086
                                                                                                                                  • Opcode Fuzzy Hash: 48b7df76310f6653c39082504ffd138496fe655d052d94fa51da512c725414ed
                                                                                                                                  • Instruction Fuzzy Hash: 4CB012C73783017D330771643C03D36010CC4C4B14330437BF001C4684E5810C480731
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F70C
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F70C
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F70C
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: b93f56bdeac1e9861e4b18350115ff305d3886c265ae826c67a828a458b6204b
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: b93f56bdeac1e9861e4b18350115ff305d3886c265ae826c67a828a458b6204b
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 8c69f683957e0dd35cae5fcbd9cb802c5f44a3fc91e67b5f0846eb1f188e2f04
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 8c69f683957e0dd35cae5fcbd9cb802c5f44a3fc91e67b5f0846eb1f188e2f04
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 3c24e983e95b35d4251ccb1f17bf75b957ee7a422b2b7e602aaa985c64444e21
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 3c24e983e95b35d4251ccb1f17bf75b957ee7a422b2b7e602aaa985c64444e21
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: ea9b9d698de55a884a7a9db6a2d9c0331147559c1c230989e3a06c627a99b97c
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: ea9b9d698de55a884a7a9db6a2d9c0331147559c1c230989e3a06c627a99b97c
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: fc2fd8c276fc979e1e5ec5dcb5e8650ff49130ed8546a2afd7ffe64f21be1ff5
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: fc2fd8c276fc979e1e5ec5dcb5e8650ff49130ed8546a2afd7ffe64f21be1ff5
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 85f77566048838d4402a0b7073243a75782e1dc2b8d4632166ef72c470db4e5a
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 85f77566048838d4402a0b7073243a75782e1dc2b8d4632166ef72c470db4e5a
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 13ef3f223a9b6b3daa832708ff95ca1c79ae9568b9f2795222095f7f3c642f6f
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 13ef3f223a9b6b3daa832708ff95ca1c79ae9568b9f2795222095f7f3c642f6f
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 811b241e26687c42da856fc9027328f8360fff4f9662a48cc4fdcf92078dc9ad
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 811b241e26687c42da856fc9027328f8360fff4f9662a48cc4fdcf92078dc9ad
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 1ca74f4b39e0f01802c359be561c010a3df25193b25d4b12a4282738176600f3
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 1ca74f4b39e0f01802c359be561c010a3df25193b25d4b12a4282738176600f3
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F33D
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 1c092589430596b3c8b5d89c6c7a25dbe127afa699bf41686094ac82d3710b76
                                                                                                                                  • Instruction ID: 41af962bce489684666cd52b765f9c34c5e6e6eac3a6b21244a81fd39284a520
                                                                                                                                  • Opcode Fuzzy Hash: 1c092589430596b3c8b5d89c6c7a25dbe127afa699bf41686094ac82d3710b76
                                                                                                                                  • Instruction Fuzzy Hash: F0A0019A2A9203BE3A4AB2A17D17D7A032CC5C5B6533489AEF40288881A9C41C466631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 3babdc3899171cbd5dcd8e303972fe74a5cba2cbee3f15fd545fa094060b8c41
                                                                                                                                  • Instruction ID: bc2e44a79a0c6ac70c0a91d6528a1f432dd5ecaab4132fc8b15d0a86da46771a
                                                                                                                                  • Opcode Fuzzy Hash: 3babdc3899171cbd5dcd8e303972fe74a5cba2cbee3f15fd545fa094060b8c41
                                                                                                                                  • Instruction Fuzzy Hash: 5AA001D62A9612BE360A76A27D17D7A021CC4DABA533089AAF44289881AA845E851231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 29bccbdebea11f6c9d11c8a9dee17e525b0d09c9fa9bcad0e2aa092489167ff6
                                                                                                                                  • Instruction ID: bc2e44a79a0c6ac70c0a91d6528a1f432dd5ecaab4132fc8b15d0a86da46771a
                                                                                                                                  • Opcode Fuzzy Hash: 29bccbdebea11f6c9d11c8a9dee17e525b0d09c9fa9bcad0e2aa092489167ff6
                                                                                                                                  • Instruction Fuzzy Hash: 5AA001D62A9612BE360A76A27D17D7A021CC4DABA533089AAF44289881AA845E851231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 03292d972929ba7f316bb3697135fc7dcc57cb4b22203aa24a056bdbdcd3380b
                                                                                                                                  • Instruction ID: 42b8dd3267f4662fca50ec3523a0e3358a6ea63780ca40a2b85e0e1025b09d15
                                                                                                                                  • Opcode Fuzzy Hash: 03292d972929ba7f316bb3697135fc7dcc57cb4b22203aa24a056bdbdcd3380b
                                                                                                                                  • Instruction Fuzzy Hash: B7A011C22A82003E320A3AA23E03C3A020CC0C2B2033080AAF00288880AA800E800230
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: f9f6b67624b0cdf60992585f7d0351ab2c1e19d782f937f3da16b28076b7927e
                                                                                                                                  • Instruction ID: bc2e44a79a0c6ac70c0a91d6528a1f432dd5ecaab4132fc8b15d0a86da46771a
                                                                                                                                  • Opcode Fuzzy Hash: f9f6b67624b0cdf60992585f7d0351ab2c1e19d782f937f3da16b28076b7927e
                                                                                                                                  • Instruction Fuzzy Hash: 5AA001D62A9612BE360A76A27D17D7A021CC4DABA533089AAF44289881AA845E851231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: b26251b2d9789da705b0fcf44bedb92939cbad4ba3e805500d9117e49a9c5d0c
                                                                                                                                  • Instruction ID: bc2e44a79a0c6ac70c0a91d6528a1f432dd5ecaab4132fc8b15d0a86da46771a
                                                                                                                                  • Opcode Fuzzy Hash: b26251b2d9789da705b0fcf44bedb92939cbad4ba3e805500d9117e49a9c5d0c
                                                                                                                                  • Instruction Fuzzy Hash: 5AA001D62A9612BE360A76A27D17D7A021CC4DABA533089AAF44289881AA845E851231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F556
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 71d3e77137181408940455cc5a3559bf3ff7b4d2d426a7e414833fa970c66568
                                                                                                                                  • Instruction ID: bc2e44a79a0c6ac70c0a91d6528a1f432dd5ecaab4132fc8b15d0a86da46771a
                                                                                                                                  • Opcode Fuzzy Hash: 71d3e77137181408940455cc5a3559bf3ff7b4d2d426a7e414833fa970c66568
                                                                                                                                  • Instruction Fuzzy Hash: 5AA001D62A9612BE360A76A27D17D7A021CC4DABA533089AAF44289881AA845E851231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F70C
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 6ce82a49873d58f01a29d781a4bd16279b4a96a287930d661db4a1fde7486e95
                                                                                                                                  • Instruction ID: c84f45a188629ae4ee2339a3ff43c56f88d03003ec40e7d17797b3c182aa62da
                                                                                                                                  • Opcode Fuzzy Hash: 6ce82a49873d58f01a29d781a4bd16279b4a96a287930d661db4a1fde7486e95
                                                                                                                                  • Instruction Fuzzy Hash: 3FA002D62B9301BE360B76A17D97D7B121CD8C5F7933089BEF402DC881A9C45D951331
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 62cd8fc567cce0fdd98c72849ed97db2de3c87c59b6b1e2bef1adf02a06cbadb
                                                                                                                                  • Instruction ID: 6f8c67cb6080bee6402c7cbc601e0f5142e8fcd6f71f572b518908b72f0360ab
                                                                                                                                  • Opcode Fuzzy Hash: 62cd8fc567cce0fdd98c72849ed97db2de3c87c59b6b1e2bef1adf02a06cbadb
                                                                                                                                  • Instruction Fuzzy Hash: A7A001962B9202BD360A72A16D17D7A021CC4C9B693308BAAF44298895A9851C451631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 3b298b723b19cc2acce7840e82d9b11c5c10424bb42e589cae1d0e519ad233ab
                                                                                                                                  • Instruction ID: 6f8c67cb6080bee6402c7cbc601e0f5142e8fcd6f71f572b518908b72f0360ab
                                                                                                                                  • Opcode Fuzzy Hash: 3b298b723b19cc2acce7840e82d9b11c5c10424bb42e589cae1d0e519ad233ab
                                                                                                                                  • Instruction Fuzzy Hash: A7A001962B9202BD360A72A16D17D7A021CC4C9B693308BAAF44298895A9851C451631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F6AB
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 4c14d99188e7fb30fc9f488ba3f0f3f5fd4c37c198024f970bdd1c59303fa249
                                                                                                                                  • Instruction ID: 6f8c67cb6080bee6402c7cbc601e0f5142e8fcd6f71f572b518908b72f0360ab
                                                                                                                                  • Opcode Fuzzy Hash: 4c14d99188e7fb30fc9f488ba3f0f3f5fd4c37c198024f970bdd1c59303fa249
                                                                                                                                  • Instruction Fuzzy Hash: A7A001962B9202BD360A72A16D17D7A021CC4C9B693308BAAF44298895A9851C451631
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F70C
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 57f86dfd34e61ae9c7cfa85c8efdc2c9be7449688ef119774a31c64dd6c7b4de
                                                                                                                                  • Instruction ID: 714181b4d1f29b7096e1dcfee81eb2a78b3deea9107b0fc7f690faffd6e5fd5d
                                                                                                                                  • Opcode Fuzzy Hash: 57f86dfd34e61ae9c7cfa85c8efdc2c9be7449688ef119774a31c64dd6c7b4de
                                                                                                                                  • Instruction Fuzzy Hash: 4EA001962A9302BE360A76A16D57D7A121CC8C9BA533089AAF40288881A9845D951231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0038F70C
                                                                                                                                    • Part of subcall function 0038F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0038FA5C
                                                                                                                                    • Part of subcall function 0038F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0038FA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 74fe5d0d86c67dd3b22db5e4d317896f7d11ad631f8657c2f613bb5a08c1a4bb
                                                                                                                                  • Instruction ID: 714181b4d1f29b7096e1dcfee81eb2a78b3deea9107b0fc7f690faffd6e5fd5d
                                                                                                                                  • Opcode Fuzzy Hash: 74fe5d0d86c67dd3b22db5e4d317896f7d11ad631f8657c2f613bb5a08c1a4bb
                                                                                                                                  • Instruction Fuzzy Hash: 4EA001962A9302BE360A76A16D57D7A121CC8C9BA533089AAF40288881A9845D951231
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetEndOfFile.KERNELBASE(?,0037A083,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000,0037922F,-00008BE0), ref: 0037B19C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 749574446-0
                                                                                                                                  • Opcode ID: 0caf5f80707394cdbcfc7afc1e99d7b32b269eed8eecd814864828cd285a736e
                                                                                                                                  • Instruction ID: 601e9561de404a6f35c70aa5a7dcce311733d0c4bacc3df5233fa3852b45f584
                                                                                                                                  • Opcode Fuzzy Hash: 0caf5f80707394cdbcfc7afc1e99d7b32b269eed8eecd814864828cd285a736e
                                                                                                                                  • Instruction Fuzzy Hash: 9EA0243004000D47CD011730DD0400C7710F7517C070041D45007CF071C7134407D701
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,0038BFF6,003C1890,00000000,003C2892,00000006), ref: 0038BC1D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1611563598-0
                                                                                                                                  • Opcode ID: cd8cdee6b5e9dfe67e11e90b531942d238d6b377b50be0497279d5c1fb488179
                                                                                                                                  • Instruction ID: 9c48358b61c3e2e672d1432a4a73b489be04c6d3c75d82b81ffb532264cf0641
                                                                                                                                  • Opcode Fuzzy Hash: cd8cdee6b5e9dfe67e11e90b531942d238d6b377b50be0497279d5c1fb488179
                                                                                                                                  • Instruction Fuzzy Hash: C6A01132200200CB82020B328F0AA0EBAAAAFA2B00F00C028A00080030EB3088A0BA00
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 003712F6: GetDlgItem.USER32(00000000,00003021), ref: 0037133A
                                                                                                                                    • Part of subcall function 003712F6: SetWindowTextW.USER32(00000000,003A45F4), ref: 00371350
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0038D4B1
                                                                                                                                  • EndDialog.USER32(?,00000006), ref: 0038D4C4
                                                                                                                                  • GetDlgItem.USER32(?,0000006C), ref: 0038D4E0
                                                                                                                                  • SetFocus.USER32(00000000), ref: 0038D4E7
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,?), ref: 0038D521
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0038D558
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0038D56E
                                                                                                                                    • Part of subcall function 0038BC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 0038BC3F
                                                                                                                                    • Part of subcall function 0038BC2B: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 0038BC50
                                                                                                                                    • Part of subcall function 0038BC2B: SystemTimeToFileTime.KERNEL32(?,?), ref: 0038BC5E
                                                                                                                                    • Part of subcall function 0038BC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 0038BC6C
                                                                                                                                    • Part of subcall function 0038BC2B: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0038BC87
                                                                                                                                    • Part of subcall function 0038BC2B: GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 0038BCAE
                                                                                                                                    • Part of subcall function 0038BC2B: _swprintf.LIBCMT ref: 0038BCD4
                                                                                                                                  • _swprintf.LIBCMT ref: 0038D5B7
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0038D5CA
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0038D5D1
                                                                                                                                  • _swprintf.LIBCMT ref: 0038D620
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068,?), ref: 0038D633
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0038D650
                                                                                                                                  • _swprintf.LIBCMT ref: 0038D683
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0038D696
                                                                                                                                  • _swprintf.LIBCMT ref: 0038D6E0
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000069,?), ref: 0038D6F3
                                                                                                                                    • Part of subcall function 0038C093: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0038C0B9
                                                                                                                                    • Part of subcall function 0038C093: GetNumberFormatW.KERNEL32(00000400,00000000,?,003B072C,?,?), ref: 0038C108
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Item$Time$Text$_swprintf$FileSystem$FormatMessageSend$Find$CloseDateDialogFirstFocusInfoLocalLocaleNumberSpecificWindow__vswprintf_c_l
                                                                                                                                  • String ID: %s %s$REPLACEFILEDLG
                                                                                                                                  • API String ID: 3464475507-439456425
                                                                                                                                  • Opcode ID: 089863b760be5933a0037238903f46fc2894dbd1a09b7e3cf936b51e8f29bc27
                                                                                                                                  • Instruction ID: 2feb70659a22867fd0b5a72b7abd51b222fc632439dddfb4085e24b844473f53
                                                                                                                                  • Opcode Fuzzy Hash: 089863b760be5933a0037238903f46fc2894dbd1a09b7e3cf936b51e8f29bc27
                                                                                                                                  • Instruction Fuzzy Hash: 1171D272249304BBE633ABA4DC49FFB77ACEB8A700F454819F64DD60C1DB75A9048762
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00377AB4
                                                                                                                                  • _wcslen.LIBCMT ref: 00377B1D
                                                                                                                                  • _wcslen.LIBCMT ref: 00377B8E
                                                                                                                                    • Part of subcall function 00378704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00378713
                                                                                                                                    • Part of subcall function 00378704: OpenProcessToken.ADVAPI32(00000000), ref: 0037871A
                                                                                                                                    • Part of subcall function 00378704: GetLastError.KERNEL32 ref: 00378759
                                                                                                                                    • Part of subcall function 00378704: CloseHandle.KERNEL32(?), ref: 00378768
                                                                                                                                    • Part of subcall function 0037B470: DeleteFileW.KERNELBASE(?,00000000,?,0037A438,?,?,?,?,0037892B,?,?,?,003A380F,000000FF), ref: 0037B481
                                                                                                                                    • Part of subcall function 0037B470: DeleteFileW.KERNEL32(?,?,?,00000800,?,0037A438,?,?,?,?,0037892B,?,?,?,003A380F,000000FF), ref: 0037B4AF
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00377C43
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00377C5F
                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00377DAB
                                                                                                                                    • Part of subcall function 0037B032: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00377ED0,?,?,?,00000000), ref: 0037B04C
                                                                                                                                    • Part of subcall function 0037B032: SetFileTime.KERNELBASE(?,?,?,?), ref: 0037B100
                                                                                                                                    • Part of subcall function 0037A880: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,0037A83D,?,?,?,?,?,003A380F,000000FF), ref: 0037A89B
                                                                                                                                    • Part of subcall function 0037B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B8FA
                                                                                                                                    • Part of subcall function 0037B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B92B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Close$AttributesCreateDeleteHandleProcess_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationOpenTimeToken
                                                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                  • API String ID: 1504485742-3508440684
                                                                                                                                  • Opcode ID: f0f1a1ec14b95d0a8c4c68a5490aa6e32e76a653d88c1cbd7456baa443444c92
                                                                                                                                  • Instruction ID: 1522fc773c654e65e7ec5a8ed9e3f99d1b15153d8ef208fe6e3c64ec6f74ca43
                                                                                                                                  • Opcode Fuzzy Hash: f0f1a1ec14b95d0a8c4c68a5490aa6e32e76a653d88c1cbd7456baa443444c92
                                                                                                                                  • Instruction Fuzzy Hash: 3FC1E771904209EADB33DB74CC46FEEB7ACAF44314F008559F54AEB182D778AA44CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                  • Opcode ID: 87c4feac83f6d4835a257b640d82f79f6b6384445f1d7c31f86f1ea1fdfbbe9f
                                                                                                                                  • Instruction ID: f646304dc8d9bb84925e5f928bfd5cc23934203f836a6186bce3e6635bd638a6
                                                                                                                                  • Opcode Fuzzy Hash: 87c4feac83f6d4835a257b640d82f79f6b6384445f1d7c31f86f1ea1fdfbbe9f
                                                                                                                                  • Instruction Fuzzy Hash: 95C23B72E086298FDF26CE28DD407EAB7B9EB45315F1541EAD84DE7240E774AE818F40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog_swprintf
                                                                                                                                  • String ID: CMT$h%u$hc%u
                                                                                                                                  • API String ID: 146138363-3282847064
                                                                                                                                  • Opcode ID: 9d1e2b7d82aba4ad6c8e3da01597d826ac347fc811ea44aab4ec150a7247ac6e
                                                                                                                                  • Instruction ID: 3179a49cbaebbda6beff4618d231bc3447fb4eb69bcc4e459dfa7c65a1faa59f
                                                                                                                                  • Opcode Fuzzy Hash: 9d1e2b7d82aba4ad6c8e3da01597d826ac347fc811ea44aab4ec150a7247ac6e
                                                                                                                                  • Instruction Fuzzy Hash: C942C7716052449FDF36DF34C891AE93BA5AF15300F448479FC4E9F282DB78AA89CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00372EBF
                                                                                                                                  • _strlen.LIBCMT ref: 0037348B
                                                                                                                                    • Part of subcall function 00381600: __EH_prolog.LIBCMT ref: 00381605
                                                                                                                                    • Part of subcall function 00382ED2: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0037CF18,00000000,?,?), ref: 00382EEE
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003735DD
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                                  • String ID: CMT
                                                                                                                                  • API String ID: 1206968400-2756464174
                                                                                                                                  • Opcode ID: f600d182b7d367065eda7f0e05dee4c8ecdc312e9f58247beade046163f7300d
                                                                                                                                  • Instruction ID: ea03840b6d845c9ea1b1d0031f8063981108ab875513129c1977be067025df46
                                                                                                                                  • Opcode Fuzzy Hash: f600d182b7d367065eda7f0e05dee4c8ecdc312e9f58247beade046163f7300d
                                                                                                                                  • Instruction Fuzzy Hash: CD6227726002848FDB3ADF38C8916E93BA1AF59300F09857DFC5E8F282D7789A44DB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00390A16
                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00390AE2
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00390B02
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00390B0C
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                  • Opcode ID: 0a897b909fcd03af85bdadbdb3108bbc4b2bab700d81ed73cc4206e3e7785b9d
                                                                                                                                  • Instruction ID: c286a8c794025cb3df3bb49ce8df4a906b6e4b9de8704a6ec632e4fbb196c7e7
                                                                                                                                  • Opcode Fuzzy Hash: 0a897b909fcd03af85bdadbdb3108bbc4b2bab700d81ed73cc4206e3e7785b9d
                                                                                                                                  • Instruction Fuzzy Hash: 0E3138B5D012199BDF21DFA4DD897CDBBB8AF18304F1041AAE408AB250EB719A848F44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • VirtualQuery.KERNEL32(80000000,0038F774,0000001C,0038F969,00000000,?,?,?,?,?,?,?,0038F774,00000004,003D3D24,0038F9F9), ref: 0038F840
                                                                                                                                  • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0038F774,00000004,003D3D24,0038F9F9), ref: 0038F85B
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoQuerySystemVirtual
                                                                                                                                  • String ID: D
                                                                                                                                  • API String ID: 401686933-2746444292
                                                                                                                                  • Opcode ID: 65508bebd7599d57e479b53c59b7a7a8abe1552c2910d8ab59ab053abf7921c0
                                                                                                                                  • Instruction ID: 234c8409dafdd82927639b33d7577d88ca883c70b881fd609a96d5a40c348294
                                                                                                                                  • Opcode Fuzzy Hash: 65508bebd7599d57e479b53c59b7a7a8abe1552c2910d8ab59ab053abf7921c0
                                                                                                                                  • Instruction Fuzzy Hash: E101F732700209ABCB14EE29DC05BDE7BE9AFD5324F1DC274AD19D7254E634D9028780
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 003950E7
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 003950F1
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 003950FE
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: .
                                                                                                                                  • API String ID: 0-248832578
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0038C0B9
                                                                                                                                  • GetNumberFormatW.KERNEL32(00000400,00000000,?,003B072C,?,?), ref: 0038C108
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2169056816-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00377886,?,00000400), ref: 00377727
                                                                                                                                  • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00377748
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003A2BAF,?,?,00000008,?,?,003A284F,00000000), ref: 003A2DE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0039083C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 0037C388
                                                                                                                                    • Part of subcall function 0037C3F7: __EH_prolog.LIBCMT ref: 0037C3FC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prologVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1836448879-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: gj
                                                                                                                                  • API String ID: 0-4203073231
                                                                                                                                  • Opcode ID: 2af2ced735c45a2719e4188cbded315b940cde28a8c2baed69938bd3e388fd3f
                                                                                                                                  • Instruction ID: b5f7f7b185dd763c769712f63831167544d4a7d9d8241887b21b719b7f2f35e4
                                                                                                                                  • Opcode Fuzzy Hash: 2af2ced735c45a2719e4188cbded315b940cde28a8c2baed69938bd3e388fd3f
                                                                                                                                  • Instruction Fuzzy Hash: CFC147B2A183818FC754CF29D88065AFBE1BFC9308F19892DE998D7301D774E945CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00020BB0,00390605), ref: 00390BA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                  • Opcode ID: 4c1c80349631f70d63db850471c841f7ff51510841a94c12cbe0aa633f22c6ee
                                                                                                                                  • Instruction ID: b56d9e937a4359a16f1044d56cc39ce5a065c1ada4d8e3abd164c0db46649f7e
                                                                                                                                  • Opcode Fuzzy Hash: 4c1c80349631f70d63db850471c841f7ff51510841a94c12cbe0aa633f22c6ee
                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                  • Opcode ID: 8146e730ad48d5539d81019d64164934799f23f779b044c307fb057faac2caef
                                                                                                                                  • Instruction ID: bdc8e45deea558653f7abe56d14333d85c2ae686ac16b5e23d956f374257215e
                                                                                                                                  • Opcode Fuzzy Hash: 8146e730ad48d5539d81019d64164934799f23f779b044c307fb057faac2caef
                                                                                                                                  • Instruction Fuzzy Hash: 2EA01130202200CB83028F32AA082083AACAA83380B00802AE00AC0220EB3080A08A02
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 49c86cf5dfd120552ca6a330adbc3208c23189e3a77a00f43a99fa3c4c682a92
                                                                                                                                  • Instruction ID: 945fc5cb109c3ca4ca828d68edc1f7e2021bc36d7371f129f29b4bc0da939eeb
                                                                                                                                  • Opcode Fuzzy Hash: 49c86cf5dfd120552ca6a330adbc3208c23189e3a77a00f43a99fa3c4c682a92
                                                                                                                                  • Instruction Fuzzy Hash: DE6227716187858FCB2BDF38C4906B9BBE2AF91304F2985ADD89B8B742D734E945C710
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a99e5591819f93bed0ea4b7cda3a5de53e9357d52e2d772d63c253c1e4b53f2a
                                                                                                                                  • Instruction ID: cd74966bd5df70f3ca183adde51c32a78e09808d6052ac00040c500df4248846
                                                                                                                                  • Opcode Fuzzy Hash: a99e5591819f93bed0ea4b7cda3a5de53e9357d52e2d772d63c253c1e4b53f2a
                                                                                                                                  • Instruction Fuzzy Hash: 9C6217716083459FCB1ADF28C4806B8BBE1BF95304F0986AEEC998F746D734E945CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dfbf6881d0393643dd25d5cfa1cce131a79b466a846340052269a16c1008f441
                                                                                                                                  • Instruction ID: 085e65dac601d8e6eaa621abe32dd4d87a5507ef10a1145c650fae14dc388797
                                                                                                                                  • Opcode Fuzzy Hash: dfbf6881d0393643dd25d5cfa1cce131a79b466a846340052269a16c1008f441
                                                                                                                                  • Instruction Fuzzy Hash: A2524A72A187018FC718CF19C891A6AF7E1FFCC304F498A2DE5959B255D334EA19CB86
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e1c377a0e28fd3ff2dcf5fc741260b27746d039640085a07c58c19139c167242
                                                                                                                                  • Instruction ID: 9add4cdc1df8b7ec050d1428356e84a78b8304a10accd18138af353fc6fc9ba9
                                                                                                                                  • Opcode Fuzzy Hash: e1c377a0e28fd3ff2dcf5fc741260b27746d039640085a07c58c19139c167242
                                                                                                                                  • Instruction Fuzzy Hash: 7512F3716147068FC72ADF28C4907B9B7E0FF44304F94896DE99BCB680EB78A995CB05
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 498a04b3827ccfe65360a0022fd3b2dc9c0295fad5856738b25cfc0c3392473e
                                                                                                                                  • Instruction ID: d5291c643717549c0cf3059f9f36c10262fc70e474db5d51dd279bcdefd63fe2
                                                                                                                                  • Opcode Fuzzy Hash: 498a04b3827ccfe65360a0022fd3b2dc9c0295fad5856738b25cfc0c3392473e
                                                                                                                                  • Instruction Fuzzy Hash: 6DF18B71A083018FC766CF28C584A2ABBF5FFC9314F158A2EF4C997261D639E945CB52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 74cd97078976d413443546a5e6f1c41999260f7e4caf4087a6071dd61f1d0527
                                                                                                                                  • Instruction ID: 977ca6aa6af311cd87956f7273fa091520149aeafc9d7d5ca3fd9246e095987e
                                                                                                                                  • Opcode Fuzzy Hash: 74cd97078976d413443546a5e6f1c41999260f7e4caf4087a6071dd61f1d0527
                                                                                                                                  • Instruction Fuzzy Hash: FD31D6B1604B168FCB15EF28C85126AFBE0FB95304F14892DE496D7742C739E909CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 0038D889
                                                                                                                                    • Part of subcall function 0038C504: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0038C5EB
                                                                                                                                  • _wcslen.LIBCMT ref: 0038DB4F
                                                                                                                                  • _wcslen.LIBCMT ref: 0038DB58
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 0038DBB6
                                                                                                                                  • _wcslen.LIBCMT ref: 0038DBF8
                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 0038DD40
                                                                                                                                  • GetDlgItem.USER32(?,00000066), ref: 0038DD7B
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 0038DD8B
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,003C389A), ref: 0038DD99
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0038DDC4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                                  • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                  • API String ID: 2804936435-312220925
                                                                                                                                  • Opcode ID: 35f058167019076facd08144f24d7c87c02916ec41c5f0b486a38ce614328159
                                                                                                                                  • Instruction ID: 0caba85f4a0490e834db96e4682c7ef8265b66ebc209d0fdc76effd8595829bb
                                                                                                                                  • Opcode Fuzzy Hash: 35f058167019076facd08144f24d7c87c02916ec41c5f0b486a38ce614328159
                                                                                                                                  • Instruction Fuzzy Hash: EEE15372900219AADF26EBA4DC85EEE73BCEF05310F5540E6F609E7094EF749E448B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 0037F62E
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                    • Part of subcall function 003830F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,003B3070,00000200,0037EC48,00000000,?,00000050,003B3070), ref: 00383112
                                                                                                                                  • _strlen.LIBCMT ref: 0037F64F
                                                                                                                                  • SetDlgItemTextW.USER32(?,003B0274,?), ref: 0037F6AF
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0037F6E9
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0037F6F5
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0037F795
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0037F7C2
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 0037F7FB
                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 0037F803
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 0037F80E
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 0037F83B
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 0037F8AD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                                  • String ID: $%s:$CAPTION$d
                                                                                                                                  • API String ID: 2407758923-2512411981
                                                                                                                                  • Opcode ID: 60697f5a3694d91b3ccac41ceeea1d0fd900fff033b1226327d9be33cf8aa267
                                                                                                                                  • Instruction ID: 21ba79199ca3b568cd2d2fe9e59c115431012080f3854ca84b4d349b1fe96f6f
                                                                                                                                  • Opcode Fuzzy Hash: 60697f5a3694d91b3ccac41ceeea1d0fd900fff033b1226327d9be33cf8aa267
                                                                                                                                  • Instruction Fuzzy Hash: 2F81B371108301AFD722DF68DD89B6FBBE9FB88714F04492DFA88D7290D674E8058B52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 0039DD26
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D8DE
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D8F0
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D902
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D914
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D926
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D938
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D94A
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D95C
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D96E
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D980
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D992
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D9A4
                                                                                                                                    • Part of subcall function 0039D8C1: _free.LIBCMT ref: 0039D9B6
                                                                                                                                  • _free.LIBCMT ref: 0039DD1B
                                                                                                                                    • Part of subcall function 0039A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC), ref: 0039A680
                                                                                                                                    • Part of subcall function 0039A66A: GetLastError.KERNEL32(003A4ADC,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC,003A4ADC), ref: 0039A692
                                                                                                                                  • _free.LIBCMT ref: 0039DD3D
                                                                                                                                  • _free.LIBCMT ref: 0039DD52
                                                                                                                                  • _free.LIBCMT ref: 0039DD5D
                                                                                                                                  • _free.LIBCMT ref: 0039DD7F
                                                                                                                                  • _free.LIBCMT ref: 0039DD92
                                                                                                                                  • _free.LIBCMT ref: 0039DDA0
                                                                                                                                  • _free.LIBCMT ref: 0039DDAB
                                                                                                                                  • _free.LIBCMT ref: 0039DDE3
                                                                                                                                  • _free.LIBCMT ref: 0039DDEA
                                                                                                                                  • _free.LIBCMT ref: 0039DE07
                                                                                                                                  • _free.LIBCMT ref: 0039DE1F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID: h;
                                                                                                                                  • API String ID: 161543041-3645641191
                                                                                                                                  • Opcode ID: 1a2834656acecdc9c114357bd0761c44fbe00193c81d78f8476b386d25315be9
                                                                                                                                  • Instruction ID: 10a40f69dd56b15e8dcf38f6f798019d5b4e9f81dae8633d78762d65a2b6c67d
                                                                                                                                  • Opcode Fuzzy Hash: 1a2834656acecdc9c114357bd0761c44fbe00193c81d78f8476b386d25315be9
                                                                                                                                  • Instruction Fuzzy Hash: CD314831A047059FEF22BA38D846B5AB3E9FF10710F19492AE449DB191DB31AC80CB95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 0038E811
                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000800), ref: 0038E83D
                                                                                                                                    • Part of subcall function 00383316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,0037D523,00000000,.exe,?,?,00000800,?,?,?,00389E5C), ref: 0038332C
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 0038E859
                                                                                                                                  • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0038E870
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0038E884
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0038E8AD
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0038E8B4
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 0038E8BD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                                  • String ID: STATIC
                                                                                                                                  • API String ID: 3820355801-1882779555
                                                                                                                                  • Opcode ID: 86f0aad5059fd6379637320bc663f34509f14e9463ce594e401b728812bffccf
                                                                                                                                  • Instruction ID: fbba1654ae50bbe331c88b3327a44f3f7719ec36f3295484e5563c4a4addebf1
                                                                                                                                  • Opcode Fuzzy Hash: 86f0aad5059fd6379637320bc663f34509f14e9463ce594e401b728812bffccf
                                                                                                                                  • Instruction Fuzzy Hash: 8C11E133601B117BE6237BB0AC0AFAF775DAF54B11F0101B1FA51AA192DB64890587A5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 0039A435
                                                                                                                                    • Part of subcall function 0039A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC), ref: 0039A680
                                                                                                                                    • Part of subcall function 0039A66A: GetLastError.KERNEL32(003A4ADC,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC,003A4ADC), ref: 0039A692
                                                                                                                                  • _free.LIBCMT ref: 0039A441
                                                                                                                                  • _free.LIBCMT ref: 0039A44C
                                                                                                                                  • _free.LIBCMT ref: 0039A457
                                                                                                                                  • _free.LIBCMT ref: 0039A462
                                                                                                                                  • _free.LIBCMT ref: 0039A46D
                                                                                                                                  • _free.LIBCMT ref: 0039A478
                                                                                                                                  • _free.LIBCMT ref: 0039A483
                                                                                                                                  • _free.LIBCMT ref: 0039A48E
                                                                                                                                  • _free.LIBCMT ref: 0039A49C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                  • API String ID: 322700389-393685449
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 0038A6F6
                                                                                                                                  • _wcslen.LIBCMT ref: 0038A796
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 0038A7A5
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 0038A7C6
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                                                                                                  • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                  • API String ID: 1116704506-4209811716
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 003712F6: GetDlgItem.USER32(00000000,00003021), ref: 0037133A
                                                                                                                                    • Part of subcall function 003712F6: SetWindowTextW.USER32(00000000,003A45F4), ref: 00371350
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 0038C800
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 0038C827
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0038C840
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 0038C851
                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 0038C85A
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0038C86E
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0038C884
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                  • String ID: LICENSEDLG
                                                                                                                                  • API String ID: 3214253823-2177901306
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 0037B5E2
                                                                                                                                    • Part of subcall function 00382701: GetSystemTime.KERNEL32(?), ref: 0038270F
                                                                                                                                    • Part of subcall function 00382701: SystemTimeToFileTime.KERNEL32(?,?), ref: 0038271D
                                                                                                                                    • Part of subcall function 003826AA: __aulldiv.LIBCMT ref: 003826B3
                                                                                                                                  • __aulldiv.LIBCMT ref: 0037B60E
                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 0037B615
                                                                                                                                  • _swprintf.LIBCMT ref: 0037B640
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • _wcslen.LIBCMT ref: 0037B64A
                                                                                                                                  • _swprintf.LIBCMT ref: 0037B6A0
                                                                                                                                  • _wcslen.LIBCMT ref: 0037B6AA
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time_wcslen$System__aulldiv_swprintf$CurrentFileProcess__vswprintf_c_l
                                                                                                                                  • String ID: %u.%03u
                                                                                                                                  • API String ID: 2956649372-1114938957
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0038BC3F
                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 0038BC50
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0038BC5E
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0038BC6C
                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0038BC87
                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 0038BCAE
                                                                                                                                  • _swprintf.LIBCMT ref: 0038BCD4
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$System$File$Format$DateLocalSpecific_swprintf
                                                                                                                                  • String ID: %s %s
                                                                                                                                  • API String ID: 385609497-2939940506
                                                                                                                                  • Opcode ID: a20af8ff9161cf16919919d2d71d50a95dbc59873ca1b5c59fc8f4117e92f254
                                                                                                                                  • Instruction ID: adc9f0aee7074d0d65eccb18eb1766cef76834195779a99df0bbde37ca9fda90
                                                                                                                                  • Opcode Fuzzy Hash: a20af8ff9161cf16919919d2d71d50a95dbc59873ca1b5c59fc8f4117e92f254
                                                                                                                                  • Instruction Fuzzy Hash: 4521F4B254014DABDB22DFA1EC44EEF3BACFF9A304F040426FA06D2111E760DA498B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,0037C43F,0037C441,00000000,00000000,10C4CCF5,00000001,00000000,00000000,0037C32C,?,?,?,0037C43F,ROOT\CIMV2), ref: 00390F59
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,0037C43F,?,00000000,00000000,?,?,?,?,?,0037C43F), ref: 00390FD4
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00390FDF
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00391008
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00391012
                                                                                                                                  • GetLastError.KERNEL32(80070057,10C4CCF5,00000001,00000000,00000000,0037C32C,?,?,?,0037C43F,ROOT\CIMV2), ref: 00391017
                                                                                                                                  • _com_issue_error.COMSUPP ref: 0039102A
                                                                                                                                  • GetLastError.KERNEL32(00000000,?,0037C43F,ROOT\CIMV2), ref: 00391040
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00391053
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1353541977-0
                                                                                                                                  • Opcode ID: 25a48d73f275af9b51c83695138f0550a42e4b4bd2ee003c05645683ce93a213
                                                                                                                                  • Instruction ID: 1a734bfc9a2d5c5fbd5a752d372c0712e755d234657523f148395d48229308d0
                                                                                                                                  • Opcode Fuzzy Hash: 25a48d73f275af9b51c83695138f0550a42e4b4bd2ee003c05645683ce93a213
                                                                                                                                  • Instruction Fuzzy Hash: E54127B1A00215AFDF16DF69DC45BAFBBA8EF49710F104229F505EB380D776A940CBA4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                                  • API String ID: 3519838083-3505469590
                                                                                                                                  • Opcode ID: 05521da9c3eb0cfd43d6cc3db37c28d298e65cf78773a520afb40301dd8cac61
                                                                                                                                  • Instruction ID: aa2b02a182a70c2eb9ecc9218102767c23c0e3df9c6e0b7d27d3b48274458872
                                                                                                                                  • Opcode Fuzzy Hash: 05521da9c3eb0cfd43d6cc3db37c28d298e65cf78773a520afb40301dd8cac61
                                                                                                                                  • Instruction Fuzzy Hash: 62719F71A10219AFDF26DFA5CC94ABEB7B9FF8A310B05455DE406E72A0CB74AD01CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 0037A5EE
                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 0037A611
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 0037A630
                                                                                                                                    • Part of subcall function 0037D6A7: _wcslen.LIBCMT ref: 0037D6AF
                                                                                                                                    • Part of subcall function 00383316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,0037D523,00000000,.exe,?,?,00000800,?,?,?,00389E5C), ref: 0038332C
                                                                                                                                  • _swprintf.LIBCMT ref: 0037A6CC
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 0037A73B
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 0037A77B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: rtmp%d
                                                                                                                                  • API String ID: 3726343395-3303766350
                                                                                                                                  • Opcode ID: 75c932d51f8cbc591824e181567fcfe08c4ec4c410901495344eb8bf5418a794
                                                                                                                                  • Instruction ID: 37cf44026a17bb1449dde391b61061b91d13b667972d33ef36c02e2e3b9ac565
                                                                                                                                  • Opcode Fuzzy Hash: 75c932d51f8cbc591824e181567fcfe08c4ec4c410901495344eb8bf5418a794
                                                                                                                                  • Instruction Fuzzy Hash: 27417271900A68AACF32EBA4CC84EEF737CBF85340F0444A5B549E7045EB799A859F61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __aulldiv.LIBCMT ref: 0038254E
                                                                                                                                    • Part of subcall function 0037C619: GetVersionExW.KERNEL32(?), ref: 0037C63E
                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,00000001), ref: 00382571
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,00000001), ref: 00382583
                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00382594
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 003825A4
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 003825B4
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 003825EF
                                                                                                                                  • __aullrem.LIBCMT ref: 00382699
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1247370737-0
                                                                                                                                  • Opcode ID: 0db11d47f28ed0b1b3af658878ab8ed20c959b7e7db19303e38b30bad4897da2
                                                                                                                                  • Instruction ID: da82f005a99ca6cd8422c7354b0bb8811513fa2e1d6b7e4202c4f696558d6654
                                                                                                                                  • Opcode Fuzzy Hash: 0db11d47f28ed0b1b3af658878ab8ed20c959b7e7db19303e38b30bad4897da2
                                                                                                                                  • Instruction Fuzzy Hash: 034106B2508305AFC715DF65C88496BFBE9FB88314F008A2EF996C2210E775E549CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                                  • API String ID: 176396367-3568243669
                                                                                                                                  • Opcode ID: 5898f5389553dc3f580b19e3ed356a4b66fb2cf0c3c2b81e4b21b89772deb575
                                                                                                                                  • Instruction ID: 6c25a70c5cee0259c35ef7415542e0a19ef9837b08a33c1889309154ae9930ba
                                                                                                                                  • Opcode Fuzzy Hash: 5898f5389553dc3f580b19e3ed356a4b66fb2cf0c3c2b81e4b21b89772deb575
                                                                                                                                  • Instruction Fuzzy Hash: 42515926640B2391FB327A14982177673E0DFA0751F6A489BF9C0CB6C0FBA59D858353
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,003A0FC2,00000000,00000000,00000000,00000000,00000000,?), ref: 003A088F
                                                                                                                                  • __fassign.LIBCMT ref: 003A090A
                                                                                                                                  • __fassign.LIBCMT ref: 003A0925
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 003A094B
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,003A0FC2,00000000,?,?,?,?,?,?,?,?,?,003A0FC2,00000000), ref: 003A096A
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000001,003A0FC2,00000000,?,?,?,?,?,?,?,?,?,003A0FC2,00000000), ref: 003A09A3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                  • Opcode ID: 6fcd4021b427c1e3b8f2163a4e0d59f95a26d22bdb373aeff6ff009f5e1cdc43
                                                                                                                                  • Instruction ID: b82dee2f36d66649ebc7845ee76d2d458c074f1117a896ad3f921efabe123f64
                                                                                                                                  • Opcode Fuzzy Hash: 6fcd4021b427c1e3b8f2163a4e0d59f95a26d22bdb373aeff6ff009f5e1cdc43
                                                                                                                                  • Instruction Fuzzy Hash: EB51A371E00249AFDB16CFA8D885BEEBBF8EF4A300F14411EE555E7262D7709941CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00393AC7
                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00393ACF
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00393B58
                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00393B83
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00393BD8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                  • Opcode ID: 885e8a45a98bf062e195377f70c83d18b7823679fd0128101aaac359af70c18e
                                                                                                                                  • Instruction ID: 8cb7b84b085855c49943c6fc2626de2b030af557df7c3ef776e18ee22a95d382
                                                                                                                                  • Opcode Fuzzy Hash: 885e8a45a98bf062e195377f70c83d18b7823679fd0128101aaac359af70c18e
                                                                                                                                  • Instruction Fuzzy Hash: 2941B5B4A00208AFCF12DF69C885A9EBBB5EF45328F158155E814AB352D771DF06CF91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 0038AF0E
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0038AF64
                                                                                                                                  • ShowWindow.USER32(?,00000005,00000000), ref: 0038B001
                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 0038B009
                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 0038B01F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Show$RectText
                                                                                                                                  • String ID: RarHtmlClassName
                                                                                                                                  • API String ID: 3937224194-1658105358
                                                                                                                                  • Opcode ID: c4b0ec1e86f311a460a26499ee747a742e5f24ceb42aad3bc74a6a39332a193e
                                                                                                                                  • Instruction ID: 85d074351632a948e5d38b651f4037a261ba88c847e57ee86a38ff0f5633ac41
                                                                                                                                  • Opcode Fuzzy Hash: c4b0ec1e86f311a460a26499ee747a742e5f24ceb42aad3bc74a6a39332a193e
                                                                                                                                  • Instruction Fuzzy Hash: 9A41D071405705AFDF23AF20EC49B6BBFACEF48701F15459AF9999A052DB30D904CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                  • API String ID: 176396367-3743748572
                                                                                                                                  • Opcode ID: 1c0eff104170da1232c159a74fbed67f1a1569f00553423a901d1a8e66027962
                                                                                                                                  • Instruction ID: a0f94c95cab9cf2761429a6614271a54043ceca831feb7977519481010df1768
                                                                                                                                  • Opcode Fuzzy Hash: 1c0eff104170da1232c159a74fbed67f1a1569f00553423a901d1a8e66027962
                                                                                                                                  • Instruction Fuzzy Hash: B4317231644B0596FA3ABB549C41B7673E4EB50710F11841FF4855B6C0F754AD54C357
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0039DA28: _free.LIBCMT ref: 0039DA51
                                                                                                                                  • _free.LIBCMT ref: 0039DAB2
                                                                                                                                    • Part of subcall function 0039A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC), ref: 0039A680
                                                                                                                                    • Part of subcall function 0039A66A: GetLastError.KERNEL32(003A4ADC,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC,003A4ADC), ref: 0039A692
                                                                                                                                  • _free.LIBCMT ref: 0039DABD
                                                                                                                                  • _free.LIBCMT ref: 0039DAC8
                                                                                                                                  • _free.LIBCMT ref: 0039DB1C
                                                                                                                                  • _free.LIBCMT ref: 0039DB27
                                                                                                                                  • _free.LIBCMT ref: 0039DB32
                                                                                                                                  • _free.LIBCMT ref: 0039DB3D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
                                                                                                                                  • Instruction ID: a5f7267090ce8f6e4893a13c325629181b3dd097bdf5ffd8cc47f463666bb055
                                                                                                                                  • Opcode Fuzzy Hash: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
                                                                                                                                  • Instruction Fuzzy Hash: 6A119D71954B04BADE22BBB1CC07FCBB7ACAF14710F440D14B39AAE092DA74B5258791
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0038F7F5,0038F758,0038F9F9), ref: 0038F791
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0038F7A7
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0038F7BC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                  • API String ID: 667068680-1718035505
                                                                                                                                  • Opcode ID: 261a3a25bb6d493be9fdb43e2601e0c26adb7822a4a3a42f38c6a557d28b18df
                                                                                                                                  • Instruction ID: 8f8f44156aa79fd988db48993b67e90954e7127e79e2354124a5ae40a14f6def
                                                                                                                                  • Opcode Fuzzy Hash: 261a3a25bb6d493be9fdb43e2601e0c26adb7822a4a3a42f38c6a557d28b18df
                                                                                                                                  • Instruction Fuzzy Hash: B4F0C2317023225FBF23AF645C81566629D9B42BD972604BBFA11D3200D650CC455BD1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 003827F1
                                                                                                                                    • Part of subcall function 0037C619: GetVersionExW.KERNEL32(?), ref: 0037C63E
                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00382815
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0038282F
                                                                                                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00382842
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00382852
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00382862
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2092733347-0
                                                                                                                                  • Opcode ID: 92d014d2794c91f65e51c9c01c5329d1a3ef07e026c0c2c5f1ae7707029b7e90
                                                                                                                                  • Instruction ID: 8dd216e801d3f5f802456f996cc9f4bac86ea6c032bf9a2714727a56a3727f76
                                                                                                                                  • Opcode Fuzzy Hash: 92d014d2794c91f65e51c9c01c5329d1a3ef07e026c0c2c5f1ae7707029b7e90
                                                                                                                                  • Instruction Fuzzy Hash: 19310675108306ABC705DFA9D88499BB7ECFF98714F005A1EF999C3210E770D549CBA6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,00393C81,00393A3C,00390BF4), ref: 00393C98
                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00393CA6
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00393CBF
                                                                                                                                  • SetLastError.KERNEL32(00000000,00393C81,00393A3C,00390BF4), ref: 00393D11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                  • Opcode ID: b82c46a63996169012ee7afce34b4bb8a06ceb50f9131ef7985d5cef2163da2b
                                                                                                                                  • Instruction ID: 22cae2602b022872e458e707aa1ae36fde248cc907d494f428717ed244b887be
                                                                                                                                  • Opcode Fuzzy Hash: b82c46a63996169012ee7afce34b4bb8a06ceb50f9131ef7985d5cef2163da2b
                                                                                                                                  • Instruction Fuzzy Hash: D3012BB261D7225EAF1B27B47C86A6B6B4CEB41778F310329F7206A0E1EF519D015AC0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,003B3070,00395982,003B3070,?,?,00395281,00000050,?,003B3070,00000200), ref: 0039A519
                                                                                                                                  • _free.LIBCMT ref: 0039A54C
                                                                                                                                  • _free.LIBCMT ref: 0039A574
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,003B3070,00000200), ref: 0039A581
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,003B3070,00000200), ref: 0039A58D
                                                                                                                                  • _abort.LIBCMT ref: 0039A593
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                  • Opcode ID: 6c46cfed6f44d3d78425664aa15f78f2276b67883c7567e07d27d0d8dc752c7a
                                                                                                                                  • Instruction ID: db89611fbc53a9837ff7c80e5d9c78f7f4ecce908b18c56a3f5a230c48b0e91e
                                                                                                                                  • Opcode Fuzzy Hash: 6c46cfed6f44d3d78425664aa15f78f2276b67883c7567e07d27d0d8dc752c7a
                                                                                                                                  • Instruction Fuzzy Hash: 34F0C836240D00A7CE1773297C4AF2B166D9BC3760F370314FA9496292EF658D0195D6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00381907: _wcslen.LIBCMT ref: 0038190D
                                                                                                                                    • Part of subcall function 0037CD5C: _wcsrchr.LIBVCRUNTIME ref: 0037CD73
                                                                                                                                  • _wcslen.LIBCMT ref: 0037D5A4
                                                                                                                                  • _wcslen.LIBCMT ref: 0037D5EC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$_wcsrchr
                                                                                                                                  • String ID: .exe$.rar$.sfx
                                                                                                                                  • API String ID: 3513545583-31770016
                                                                                                                                  • Opcode ID: 43faad9a611f77a9bd93bc4a2e77e9d82de3f4ba16eee01148c197415d960abe
                                                                                                                                  • Instruction ID: 3928e699793c2b7a6b65ad0352df517b37923eb4767da06cabee89a1d25cd1f3
                                                                                                                                  • Opcode Fuzzy Hash: 43faad9a611f77a9bd93bc4a2e77e9d82de3f4ba16eee01148c197415d960abe
                                                                                                                                  • Instruction Fuzzy Hash: 3F4139125003119AC733BF34984197B73B8EF57768B12854EF88E9B181E7598D42C3A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 0037CF56
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0037B505,?,?,00000800,?,?,0037B4CA,?), ref: 0037CFF4
                                                                                                                                  • _wcslen.LIBCMT ref: 0037D06A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CurrentDirectory
                                                                                                                                  • String ID: UNC$\\?\
                                                                                                                                  • API String ID: 3341907918-253988292
                                                                                                                                  • Opcode ID: 013338ebe6ccb723e4dda2cd34242799d5863d9da21c1c807e0275ce634cd6ab
                                                                                                                                  • Instruction ID: 1a30c6b4d9f8a39a18d22d0904f0cf2893e0ab6f60dfd210ca5865e45d60c632
                                                                                                                                  • Opcode Fuzzy Hash: 013338ebe6ccb723e4dda2cd34242799d5863d9da21c1c807e0275ce634cd6ab
                                                                                                                                  • Instruction Fuzzy Hash: A5418031440219AADF33BF60CC41EEA77BDEF46350F119465F858EB141E7789952CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadBitmapW.USER32(00000065), ref: 0038C8DD
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0038C902
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0038C934
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0038C957
                                                                                                                                    • Part of subcall function 0038B6D2: FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,0038C92D,00000066), ref: 0038B6E5
                                                                                                                                    • Part of subcall function 0038B6D2: SizeofResource.KERNEL32(00000000,?,?,?,0038C92D,00000066), ref: 0038B6FC
                                                                                                                                    • Part of subcall function 0038B6D2: LoadResource.KERNEL32(00000000,?,?,?,0038C92D,00000066), ref: 0038B713
                                                                                                                                    • Part of subcall function 0038B6D2: LockResource.KERNEL32(00000000,?,?,?,0038C92D,00000066), ref: 0038B722
                                                                                                                                    • Part of subcall function 0038B6D2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0038C92D,00000066), ref: 0038B73D
                                                                                                                                    • Part of subcall function 0038B6D2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,0038C92D,00000066), ref: 0038B74E
                                                                                                                                    • Part of subcall function 0038B6D2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0038B7B7
                                                                                                                                    • Part of subcall function 0038B6D2: GlobalUnlock.KERNEL32(00000000), ref: 0038B7D6
                                                                                                                                    • Part of subcall function 0038B6D2: GlobalFree.KERNEL32(00000000), ref: 0038B7DD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                                                                                                  • String ID: ]
                                                                                                                                  • API String ID: 1428510222-3352871620
                                                                                                                                  • Opcode ID: c42dc16062c6d0c555580cfb5c1b45c4a4ddbcbff2021b5ad0d6cff29caf1710
                                                                                                                                  • Instruction ID: 9def13b9d7e7f20a7947fb68b56ee4b82607e93c076974ccd7ef4b9a40772de5
                                                                                                                                  • Opcode Fuzzy Hash: c42dc16062c6d0c555580cfb5c1b45c4a4ddbcbff2021b5ad0d6cff29caf1710
                                                                                                                                  • Instruction Fuzzy Hash: 8701B53654171667CB133764AC09A7FBA7DAF81BA1F1A0195F900BB292DF718C0587B0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 003712F6: GetDlgItem.USER32(00000000,00003021), ref: 0037133A
                                                                                                                                    • Part of subcall function 003712F6: SetWindowTextW.USER32(00000000,003A45F4), ref: 00371350
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 0038E79B
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0038E7B1
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 0038E7C5
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068), ref: 0038E7D4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: RENAMEDLG
                                                                                                                                  • API String ID: 445417207-3299779563
                                                                                                                                  • Opcode ID: 5085ad1dadeb3823fb702c5c4af3965d9856ece4e3e11691f25bbe2a4d27602d
                                                                                                                                  • Instruction ID: 3db9dff51ce432ac3a65256c63c51189fd08029421a1e3232fe233170c0b4a77
                                                                                                                                  • Opcode Fuzzy Hash: 5085ad1dadeb3823fb702c5c4af3965d9856ece4e3e11691f25bbe2a4d27602d
                                                                                                                                  • Instruction Fuzzy Hash: 3701F733386310BBE623AFB8BC49F677B5DFB5A702F110462F301A64D0C6A699058765
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,003991E6,00000000,?,00399186,00000000,003AD570,0000000C,003992DD,00000000,00000002), ref: 00399255
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00399268
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,003991E6,00000000,?,00399186,00000000,003AD570,0000000C,003992DD,00000000,00000002), ref: 0039928B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                  • Opcode ID: 790bd95785a9b88e8ea87dba6d34971feb582620b10bed371f8110e1941998c6
                                                                                                                                  • Instruction ID: c14a93d6c9a44e83038fe6d38472342af1729663fbe0b16c3334307727faaaac
                                                                                                                                  • Opcode Fuzzy Hash: 790bd95785a9b88e8ea87dba6d34971feb582620b10bed371f8110e1941998c6
                                                                                                                                  • Instruction Fuzzy Hash: EFF04F31A00208BBDF169BA9DC49BDEBFB8EB46755F0105A9F905A2161CB709E80CA90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0037F608: _swprintf.LIBCMT ref: 0037F62E
                                                                                                                                    • Part of subcall function 0037F608: _strlen.LIBCMT ref: 0037F64F
                                                                                                                                    • Part of subcall function 0037F608: SetDlgItemTextW.USER32(?,003B0274,?), ref: 0037F6AF
                                                                                                                                    • Part of subcall function 0037F608: GetWindowRect.USER32(?,?), ref: 0037F6E9
                                                                                                                                    • Part of subcall function 0037F608: GetClientRect.USER32(?,?), ref: 0037F6F5
                                                                                                                                  • GetDlgItem.USER32(00000000,00003021), ref: 0037133A
                                                                                                                                  • SetWindowTextW.USER32(00000000,003A45F4), ref: 00371350
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                  • String ID: 0$p0;$p0;
                                                                                                                                  • API String ID: 2622349952-2651547951
                                                                                                                                  • Opcode ID: 5b0a8c3f99d59dbb359a3d83a598815fa76e4b19b2c140b5745cb93b92dc0386
                                                                                                                                  • Instruction ID: 355b62ad54c17cadb8d54ff78f71f7fb87390e4c7d7385a85b5ae4cc598ea05b
                                                                                                                                  • Opcode Fuzzy Hash: 5b0a8c3f99d59dbb359a3d83a598815fa76e4b19b2c140b5745cb93b92dc0386
                                                                                                                                  • Instruction Fuzzy Hash: 73F03C39111648ABEF675E689809BE93BA8BF05798F05C126FD49548A1CB78C990EA10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00381B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00381B56
                                                                                                                                    • Part of subcall function 00381B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0038063A,Crypt32.dll,00000000,003806B4,00000200,?,00380697,00000000,00000000,?), ref: 00381B78
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00380646
                                                                                                                                  • GetProcAddress.KERNEL32(003BA1F0,CryptUnprotectMemory), ref: 00380656
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                  • API String ID: 2141747552-1753850145
                                                                                                                                  • Opcode ID: 943d74ce91fbea740e17370adc4c3f9a4997a2618cceabc60332b54e29e5ec60
                                                                                                                                  • Instruction ID: 6cf61057a994048ee8c5edc548ff0442e14c2a43d9a8eedd7107920014a81514
                                                                                                                                  • Opcode Fuzzy Hash: 943d74ce91fbea740e17370adc4c3f9a4997a2618cceabc60332b54e29e5ec60
                                                                                                                                  • Instruction Fuzzy Hash: CBE086708047119ED7336F74A949B42BFE8DF96700F11885DE2D593551E7F4D4418B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AdjustPointer$_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2252061734-0
                                                                                                                                  • Opcode ID: 033aa5f9345605059f7b352dc12a50e6cabf1a30662e29f6050a489d57848280
                                                                                                                                  • Instruction ID: 2ed4f01c556f30bc07196bf1fce2be75c133bca9417e0abcfe7e76e51e8de597
                                                                                                                                  • Opcode Fuzzy Hash: 033aa5f9345605059f7b352dc12a50e6cabf1a30662e29f6050a489d57848280
                                                                                                                                  • Instruction Fuzzy Hash: D551E2F6A012029FEF2B8F15D951BBA77A8EF44310F15452DEC469B6A0E771EE40CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 0039D0F9
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0039D11C
                                                                                                                                    • Part of subcall function 0039A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0039DBEC,00000000,?,003980B1,?,00000008,?,0039A871,?,?,?), ref: 0039A830
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0039D142
                                                                                                                                  • _free.LIBCMT ref: 0039D155
                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0039D164
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 336800556-0
                                                                                                                                  • Opcode ID: 70f468776ab0e24bc84232d4ec3f04a88c34b0f3e8f286bd73bff64627a35dd1
                                                                                                                                  • Instruction ID: 6e964d051e4b653f01ae6a8eea94beab8bf1c3a8f489cc0512a79176ade5a3be
                                                                                                                                  • Opcode Fuzzy Hash: 70f468776ab0e24bc84232d4ec3f04a88c34b0f3e8f286bd73bff64627a35dd1
                                                                                                                                  • Instruction Fuzzy Hash: 7901AC736016157F6B6356BA5C8EC7B6A6DDEC7BA07150129FD04C7300DA648C02C1B1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,003B3070,00000200,0039A7F0,00397596,?,?,?,?,0037ECA4,?,?,?,00000004,0037EA30,?), ref: 0039A59E
                                                                                                                                  • _free.LIBCMT ref: 0039A5D3
                                                                                                                                  • _free.LIBCMT ref: 0039A5FA
                                                                                                                                  • SetLastError.KERNEL32(00000000,003A4ADC,00000050,003B3070), ref: 0039A607
                                                                                                                                  • SetLastError.KERNEL32(00000000,003A4ADC,00000050,003B3070), ref: 0039A610
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                  • Opcode ID: a3f6a4169e27de632522c7aa3e4ba26b8ce89b7c5dfb0065d39c5bf7a8801581
                                                                                                                                  • Instruction ID: 10b4e8a3886c6e77a863a4815da9f0bde11ae899ea8a75f6f49f6735436df30e
                                                                                                                                  • Opcode Fuzzy Hash: a3f6a4169e27de632522c7aa3e4ba26b8ce89b7c5dfb0065d39c5bf7a8801581
                                                                                                                                  • Instruction Fuzzy Hash: AA012836244E00B7CE1777796C86D1B266EDBC2374B3B0328F95596282EF708D0161E6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 003824EF: ResetEvent.KERNEL32(?), ref: 00382501
                                                                                                                                    • Part of subcall function 003824EF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00382515
                                                                                                                                  • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00382241
                                                                                                                                  • CloseHandle.KERNEL32(?,?), ref: 0038225B
                                                                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00382274
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00382280
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0038228C
                                                                                                                                    • Part of subcall function 00382303: WaitForSingleObject.KERNEL32(?,000000FF,00382526,?), ref: 00382309
                                                                                                                                    • Part of subcall function 00382303: GetLastError.KERNEL32(?), ref: 00382315
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1868215902-0
                                                                                                                                  • Opcode ID: e83d4c022692ed78ba372fdfbfbe20614d500aba853e5dfa3dd536d096c84f5c
                                                                                                                                  • Instruction ID: c87007a7c667b9dd553bc71fd772b7cb89b4a78a649134ffbcdab258ee1fbbe7
                                                                                                                                  • Opcode Fuzzy Hash: e83d4c022692ed78ba372fdfbfbe20614d500aba853e5dfa3dd536d096c84f5c
                                                                                                                                  • Instruction Fuzzy Hash: F501B176000704EFC723EB68DD84BC7FBADFB49710F000929F26A521A0CBB56A55DB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 0039D9D7
                                                                                                                                    • Part of subcall function 0039A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC), ref: 0039A680
                                                                                                                                    • Part of subcall function 0039A66A: GetLastError.KERNEL32(003A4ADC,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC,003A4ADC), ref: 0039A692
                                                                                                                                  • _free.LIBCMT ref: 0039D9E9
                                                                                                                                  • _free.LIBCMT ref: 0039D9FB
                                                                                                                                  • _free.LIBCMT ref: 0039DA0D
                                                                                                                                  • _free.LIBCMT ref: 0039DA1F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 6a7a3ae9eeaf60e1a8a222baacc924241554f7477e2de7c534b5497d75e45939
                                                                                                                                  • Instruction ID: e36d7299dffd4b85eddc645622a79a2db8972144e1efa4fa253bf50e67c69fa3
                                                                                                                                  • Opcode Fuzzy Hash: 6a7a3ae9eeaf60e1a8a222baacc924241554f7477e2de7c534b5497d75e45939
                                                                                                                                  • Instruction Fuzzy Hash: 4FF0FF72514A00ABCE26EB64F986C1673EDBB14710B590E05F148EB541CB70FC9086A4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00383340
                                                                                                                                  • _wcslen.LIBCMT ref: 00383351
                                                                                                                                  • _wcslen.LIBCMT ref: 00383361
                                                                                                                                  • _wcslen.LIBCMT ref: 0038336F
                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0037C844,?,?,00000000,?,?,?), ref: 0038338A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CompareString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3397213944-0
                                                                                                                                  • Opcode ID: 41912e3a9d9777b2edab5d50663c8b1a24cb3d48372d608e1e826d2e05a52417
                                                                                                                                  • Instruction ID: 93ec53ccbbc7b9aa5411bd63d36bfbb96d160ea0421bd0caf4ef184c8d19efa9
                                                                                                                                  • Opcode Fuzzy Hash: 41912e3a9d9777b2edab5d50663c8b1a24cb3d48372d608e1e826d2e05a52417
                                                                                                                                  • Instruction Fuzzy Hash: 19F01732008215BBDF136F61EC09CCE7F26EF95B60B218015F62A5E061DA72966A9B90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00399CEE
                                                                                                                                    • Part of subcall function 0039A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC), ref: 0039A680
                                                                                                                                    • Part of subcall function 0039A66A: GetLastError.KERNEL32(003A4ADC,?,0039DA56,003A4ADC,00000000,003A4ADC,00000000,?,0039DA7D,003A4ADC,00000007,003A4ADC,?,0039DE7A,003A4ADC,003A4ADC), ref: 0039A692
                                                                                                                                  • _free.LIBCMT ref: 00399D00
                                                                                                                                  • _free.LIBCMT ref: 00399D13
                                                                                                                                  • _free.LIBCMT ref: 00399D24
                                                                                                                                  • _free.LIBCMT ref: 00399D35
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 8c60073523f66f5d46ca89e73ea063234204cbb09e7c90dc3defaa0ccb3aaa19
                                                                                                                                  • Instruction ID: f41c31665016f1990f28b8d43f9fc991ac423128418d9dbbdca25683206662b2
                                                                                                                                  • Opcode Fuzzy Hash: 8c60073523f66f5d46ca89e73ea063234204cbb09e7c90dc3defaa0ccb3aaa19
                                                                                                                                  • Instruction Fuzzy Hash: F4F0FEB48039209BCA07BF18FC428053BB9F725725B050B0BF5A96A275C77199518BC5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _swprintf
                                                                                                                                  • String ID: %ls$%s: %s
                                                                                                                                  • API String ID: 589789837-2259941744
                                                                                                                                  • Opcode ID: 1fc75454241567afa2437d8fe4605cd3ca49101af9b59fb75c49fa43cd8a24a1
                                                                                                                                  • Instruction ID: 223689906b8dea2bca3c95afee97be0aeace4b50d7710ba1ad211c9eea1eb8a6
                                                                                                                                  • Opcode Fuzzy Hash: 1fc75454241567afa2437d8fe4605cd3ca49101af9b59fb75c49fa43cd8a24a1
                                                                                                                                  • Instruction Fuzzy Hash: 8751B131688700FEEA377A948C02F37765DAF19B01F2085C6F7CB688E5CBA59560A717
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00399370
                                                                                                                                  • _free.LIBCMT ref: 0039943B
                                                                                                                                  • _free.LIBCMT ref: 00399445
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                  • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                  • API String ID: 2506810119-517116171
                                                                                                                                  • Opcode ID: 44b48fc314ddd5f54f5563b99095cc524fb6bbf06bd4ea0bdcd489107211aea5
                                                                                                                                  • Instruction ID: 848a56a110dfbe2a764cddb02d1cad984a702f94c3cee89df3a383541a18f5b4
                                                                                                                                  • Opcode Fuzzy Hash: 44b48fc314ddd5f54f5563b99095cc524fb6bbf06bd4ea0bdcd489107211aea5
                                                                                                                                  • Instruction Fuzzy Hash: 03318271A04208EFDF23DF9AE881E9EBBFCEB85710F1541ABF5049B251D7708A418B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0039438B
                                                                                                                                  • _abort.LIBCMT ref: 00394496
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer_abort
                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                  • API String ID: 948111806-2084237596
                                                                                                                                  • Opcode ID: 1a73699dba3b6c22f948ed5c5131c5238f2466c9ba68a03c240d525920bad742
                                                                                                                                  • Instruction ID: 37ca5fbdcad84fbde9e29baff402298d434aaa12c841e900fa163ebb391df732
                                                                                                                                  • Opcode Fuzzy Hash: 1a73699dba3b6c22f948ed5c5131c5238f2466c9ba68a03c240d525920bad742
                                                                                                                                  • Instruction Fuzzy Hash: 9D414872900209AFCF16DFA8DD81EAEBBB5BF48304F158159FA046B221D3359962DB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00377F20
                                                                                                                                    • Part of subcall function 003742F1: __EH_prolog.LIBCMT ref: 003742F6
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00377FE5
                                                                                                                                    • Part of subcall function 00378704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00378713
                                                                                                                                    • Part of subcall function 00378704: OpenProcessToken.ADVAPI32(00000000), ref: 0037871A
                                                                                                                                    • Part of subcall function 00378704: GetLastError.KERNEL32 ref: 00378759
                                                                                                                                    • Part of subcall function 00378704: CloseHandle.KERNEL32(?), ref: 00378768
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorH_prologLastProcess$CloseCurrentHandleOpenToken
                                                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                  • API String ID: 2595646239-639343689
                                                                                                                                  • Opcode ID: c45004715c6d70e26351cf49f0853a89bced2fefd3761027eed1e5542cc09485
                                                                                                                                  • Instruction ID: c77977040b2e640def4abd22c705ede9cd5bb0cdeb2c5ac21952e215dacca342
                                                                                                                                  • Opcode Fuzzy Hash: c45004715c6d70e26351cf49f0853a89bced2fefd3761027eed1e5542cc09485
                                                                                                                                  • Instruction Fuzzy Hash: 1A31C271980248BEDF33EB649C05BEE7BADEF45358F008065F509EA191CB7C8944CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 003712F6: GetDlgItem.USER32(00000000,00003021), ref: 0037133A
                                                                                                                                    • Part of subcall function 003712F6: SetWindowTextW.USER32(00000000,003A45F4), ref: 00371350
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 0038BE68
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0038BE7D
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 0038BE92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: ASKNEXTVOL
                                                                                                                                  • API String ID: 445417207-3402441367
                                                                                                                                  • Opcode ID: 3d77b41d461a37c8ca3065fbd89fe22a4d44979a1c97830abed1d4056fad4a85
                                                                                                                                  • Instruction ID: 92d93606bf5be9052d5701904b3c6ec5458e0b524579ae83e6a67a5517330e0b
                                                                                                                                  • Opcode Fuzzy Hash: 3d77b41d461a37c8ca3065fbd89fe22a4d44979a1c97830abed1d4056fad4a85
                                                                                                                                  • Instruction Fuzzy Hash: 4211D332202212BFD623AF68FC45FB6BB6DEB4A740F050455F780AB0B5C762AD058766
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __fprintf_l.LIBCMT ref: 0037EC74
                                                                                                                                  • _strncpy.LIBCMT ref: 0037ECBA
                                                                                                                                    • Part of subcall function 003830F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,003B3070,00000200,0037EC48,00000000,?,00000050,003B3070), ref: 00383112
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                                  • String ID: $%s$@%s
                                                                                                                                  • API String ID: 562999700-834177443
                                                                                                                                  • Opcode ID: c79f262b363df288350f9fd59853d936ae4873132c978bfd93ef4b4731bcc002
                                                                                                                                  • Instruction ID: d8dfea0be2d7b1bb939ffe833c871a46b3e8b652f516cffb7044ae4034906044
                                                                                                                                  • Opcode Fuzzy Hash: c79f262b363df288350f9fd59853d936ae4873132c978bfd93ef4b4731bcc002
                                                                                                                                  • Instruction Fuzzy Hash: 1021C076840309AEEF33DEA4CE42FDF3BE8AF09700F044562F9199A1A1E379D6048B51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0037C04A,00000008,?,00000000,?,0037E685,?,00000000), ref: 003821A5
                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0037C04A,00000008,?,00000000,?,0037E685,?,00000000), ref: 003821AF
                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0037C04A,00000008,?,00000000,?,0037E685,?,00000000), ref: 003821BF
                                                                                                                                  Strings
                                                                                                                                  • Thread pool initialization failed., xrefs: 003821D7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                                                  • Opcode ID: 5e22f3df81d82d83a4e8f42c383363a512e2affb9e80e39199c9d01fb7d2a9ec
                                                                                                                                  • Instruction ID: 1e10a17214db0e4a7dc2f0333af97dc57a4f6e94708dbc3aef9e9adde27becfa
                                                                                                                                  • Opcode Fuzzy Hash: 5e22f3df81d82d83a4e8f42c383363a512e2affb9e80e39199c9d01fb7d2a9ec
                                                                                                                                  • Instruction Fuzzy Hash: 2211A7B1604705AFC3225F7A9C88AA7FBDCFB55344F61482EF6DAC3200DAB159408B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                  • API String ID: 0-56093855
                                                                                                                                  • Opcode ID: 93d8f9cf896e4498539109d83030b65b333cfc24393c6ad4e17943327bd98e11
                                                                                                                                  • Instruction ID: 72cc1780e0bfb9ef80f877aea7ca24065145e2bd1ed6e80218e7e52a430010e9
                                                                                                                                  • Opcode Fuzzy Hash: 93d8f9cf896e4498539109d83030b65b333cfc24393c6ad4e17943327bd98e11
                                                                                                                                  • Instruction Fuzzy Hash: 7801B171605704AFC713AF29FC08A663BACFB45788F000166FA0693270C271A850DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0037495C
                                                                                                                                    • Part of subcall function 0038FD1D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 0038FD29
                                                                                                                                    • Part of subcall function 0038FD1D: ___delayLoadHelper2@8.DELAYIMP ref: 0038FD4F
                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00374967
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Xinvalid_argumentstd::_$Helper2@8Load___delaystd::invalid_argument::invalid_argument
                                                                                                                                  • String ID: string too long$vector too long
                                                                                                                                  • API String ID: 2355824318-1617939282
                                                                                                                                  • Opcode ID: 7646b170084dc714f958418d0c7d4fea0477ac8a21f75e5952fd017e49958a34
                                                                                                                                  • Instruction ID: a74b3b28f49a5b8a9e9ec2b7316ebcccb4b5d10c938cc35f3a6dbb95bf5732f6
                                                                                                                                  • Opcode Fuzzy Hash: 7646b170084dc714f958418d0c7d4fea0477ac8a21f75e5952fd017e49958a34
                                                                                                                                  • Instruction Fuzzy Hash: F6F08231200304AB4636AE59EC4584BF3EDEF86B503114526EB4987605D7B0B944CBB1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                  • Opcode ID: 838d351d10c979b051735ecdd2ea4a95940ff434e8fe6276b15dd9b2de709c18
                                                                                                                                  • Instruction ID: 3088b91efe836ff9cfbec6a37d33542d70f89134dce34148075e7a43553c6fbf
                                                                                                                                  • Opcode Fuzzy Hash: 838d351d10c979b051735ecdd2ea4a95940ff434e8fe6276b15dd9b2de709c18
                                                                                                                                  • Instruction Fuzzy Hash: C6A14872E00B869FEF17CF18C8917AEBBE5EF51310F294269E4859F281C6388D41C792
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00378D5C,?,?,?), ref: 0037B7F3
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000800,?,00378D5C,?,?), ref: 0037B837
                                                                                                                                  • SetFileTime.KERNEL32(?,00378AEC,?,00000000,?,00000800,?,00378D5C,?,?,?,?,?,?,?,?), ref: 0037B8B8
                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000800,?,00378D5C,?,?,?,?,?,?,?,?,?,?), ref: 0037B8BF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Create$CloseHandleTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2287278272-0
                                                                                                                                  • Opcode ID: 7a872d85ef79f82c2fb4489a11741dba545bd54ece5bb6ac8fb542aeaeb5a083
                                                                                                                                  • Instruction ID: 22f2208d8659f5911cfb83413bba14fb3adf1c96b81b5804846a1f957cf564b0
                                                                                                                                  • Opcode Fuzzy Hash: 7a872d85ef79f82c2fb4489a11741dba545bd54ece5bb6ac8fb542aeaeb5a083
                                                                                                                                  • Instruction Fuzzy Hash: AE41DF312483C0AAE736EE24DC55BABFBE8AF85340F04491DF6D9D7190D7689A08DB52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 176396367-0
                                                                                                                                  • Opcode ID: 170e4886f520bb0d2ff8d4ede8e7295fbab7ceaa047ee97d06e4180f4136574c
                                                                                                                                  • Instruction ID: 73c8de68863c559049fbad520fb0b759641b878b92bea751145da4a2588d23b9
                                                                                                                                  • Opcode Fuzzy Hash: 170e4886f520bb0d2ff8d4ede8e7295fbab7ceaa047ee97d06e4180f4136574c
                                                                                                                                  • Instruction Fuzzy Hash: 3741DA719006299BCB62AF789C099DEBB7CEF05310F014019FD09FB245DB34AD498BE0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00378532
                                                                                                                                  • _wcslen.LIBCMT ref: 00378558
                                                                                                                                  • _wcslen.LIBCMT ref: 003785EF
                                                                                                                                  • _wcslen.LIBCMT ref: 00378657
                                                                                                                                    • Part of subcall function 0037B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0037B991
                                                                                                                                    • Part of subcall function 0037B41F: RemoveDirectoryW.KERNEL32(?,?,?,00378649,?), ref: 0037B430
                                                                                                                                    • Part of subcall function 0037B41F: RemoveDirectoryW.KERNEL32(?,?,?,00000800,?,00378649,?), ref: 0037B45E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$DirectoryRemove$CloseFind
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973666142-0
                                                                                                                                  • Opcode ID: 13c4833921830cc24cf7045191f17a435417e1473527d55b164f376317025a4e
                                                                                                                                  • Instruction ID: fff5d2ed850620f8388662bc828ab73147fb3ca114d00aaace9bdc33aef8ae08
                                                                                                                                  • Opcode Fuzzy Hash: 13c4833921830cc24cf7045191f17a435417e1473527d55b164f376317025a4e
                                                                                                                                  • Instruction Fuzzy Hash: 5B310871900214AACF33BF608C49BEE7369AF45350F018495FA4DAB145EF78CE85CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0039A871,?,00000000,?,00000001,?,?,00000001,0039A871,?), ref: 0039DB95
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0039DC1E
                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,003980B1,?), ref: 0039DC30
                                                                                                                                  • __freea.LIBCMT ref: 0039DC39
                                                                                                                                    • Part of subcall function 0039A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0039DBEC,00000000,?,003980B1,?,00000008,?,0039A871,?,?,?), ref: 0039A830
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2652629310-0
                                                                                                                                  • Opcode ID: 82ad627033a04b60d4538448fd7da6583bc9d0cc927cd92f3fcf432de107affa
                                                                                                                                  • Instruction ID: 1e599ca1264d10da1ee36da6efc15b0bdd40c45469b0d038ebc0ba2143dc44c8
                                                                                                                                  • Opcode Fuzzy Hash: 82ad627033a04b60d4538448fd7da6583bc9d0cc927cd92f3fcf432de107affa
                                                                                                                                  • Instruction Fuzzy Hash: 4831A571A0021AABDF269F64DC86EAE7BA5EF45350F064268FC04DB150E775DD90CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,?), ref: 00378713
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 0037871A
                                                                                                                                  • GetLastError.KERNEL32 ref: 00378759
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00378768
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseCurrentErrorHandleLastOpenToken
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2767541406-0
                                                                                                                                  • Opcode ID: 5d4ba9d696ea220cdf60731e679b9871921f1585f8f333badbe7859db7f83cc6
                                                                                                                                  • Instruction ID: ae623f3ccd3293fae00dd802f94655e2e10f5292bb49dffb8f0457379ecaf791
                                                                                                                                  • Opcode Fuzzy Hash: 5d4ba9d696ea220cdf60731e679b9871921f1585f8f333badbe7859db7f83cc6
                                                                                                                                  • Instruction Fuzzy Hash: 420131B5640209AFEB12DFA4DD8DFAFBB7CEB00744F514025B502E1150EB75CE04AA70
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(00000000), ref: 0038B676
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 0038B685
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0038B693
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 0038B6A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                  • Opcode ID: c7b1e54180e786a810877eac5e38ffacdfbc381749c460a254d7a8d6c5ea46e4
                                                                                                                                  • Instruction ID: 707a9cc64b9c652abe08c126f2bd921fa4f4300d79d8c9a32314c6c9e052b667
                                                                                                                                  • Opcode Fuzzy Hash: c7b1e54180e786a810877eac5e38ffacdfbc381749c460a254d7a8d6c5ea46e4
                                                                                                                                  • Instruction Fuzzy Hash: CDE0EC32987E60ABD7221B66BC1DB9B7F5CAB16713F054106F601962D0DAB044008FD1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0038B6A9: GetDC.USER32(00000000), ref: 0038B6AD
                                                                                                                                    • Part of subcall function 0038B6A9: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0038B6B8
                                                                                                                                    • Part of subcall function 0038B6A9: ReleaseDC.USER32(00000000,00000000), ref: 0038B6C3
                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 0038B84C
                                                                                                                                    • Part of subcall function 0038BADE: GetDC.USER32(00000000), ref: 0038BAE7
                                                                                                                                    • Part of subcall function 0038BADE: GetObjectW.GDI32(?,00000018,?), ref: 0038BB16
                                                                                                                                    • Part of subcall function 0038BADE: ReleaseDC.USER32(00000000,?), ref: 0038BBAE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                                                  • String ID: (
                                                                                                                                  • API String ID: 1061551593-3887548279
                                                                                                                                  • Opcode ID: aa8c58e31a798132b68f142e62adfccd152748e7599107a3a7a3584f23845c58
                                                                                                                                  • Instruction ID: df350524d09e4409f981aaa9ef35dedb991dc2498845a8b143b9986142b17935
                                                                                                                                  • Opcode Fuzzy Hash: aa8c58e31a798132b68f142e62adfccd152748e7599107a3a7a3584f23845c58
                                                                                                                                  • Instruction Fuzzy Hash: 2391E071608351AFD611EF25C844A2BBBF8FFCA700F00495EF59AD7260DB70A805CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 0039C4E4
                                                                                                                                    • Part of subcall function 003951E6: IsProcessorFeaturePresent.KERNEL32(00000017,003951B8,00000050,003A4ADC,?,0037EA30,00000004,003B3070,?,?,003951C5,00000000,00000000,00000000,00000000,00000000), ref: 003951E8
                                                                                                                                    • Part of subcall function 003951E6: GetCurrentProcess.KERNEL32(C0000417,003A4ADC,00000050,003B3070), ref: 0039520A
                                                                                                                                    • Part of subcall function 003951E6: TerminateProcess.KERNEL32(00000000), ref: 00395211
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                  • String ID: *?$.
                                                                                                                                  • API String ID: 2667617558-3972193922
                                                                                                                                  • Opcode ID: 972d5fe56fca4318eb32e817472c9c256f93d190f7b8c306b3a3f3d0056a7248
                                                                                                                                  • Instruction ID: 2b97fd6e5faf4cfeb6c746bd98483fd80ce16db3f8bbe54e67338e9c5a1f8c5d
                                                                                                                                  • Opcode Fuzzy Hash: 972d5fe56fca4318eb32e817472c9c256f93d190f7b8c306b3a3f3d0056a7248
                                                                                                                                  • Instruction Fuzzy Hash: 1651B175E10209EFDF16DFA9C881ABDBBB5FF58310F258169E844EB341E6359E018B50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 003780C3
                                                                                                                                    • Part of subcall function 00381907: _wcslen.LIBCMT ref: 0038190D
                                                                                                                                    • Part of subcall function 0037B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0037B991
                                                                                                                                  • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00378262
                                                                                                                                    • Part of subcall function 0037B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B8FA
                                                                                                                                    • Part of subcall function 0037B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0037B5B5,?,?,?,0037B405,?,00000001,00000000,?,?), ref: 0037B92B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 3226429890-336475711
                                                                                                                                  • Opcode ID: e081aa7ac620bd7ce6390a53a19f7a1a41922c9ce8214cead5c14dc597d489e6
                                                                                                                                  • Instruction ID: 0d8f7207e3c97f5a4b3dc151d041085a68ddb8838fa3169ef95975505a82500c
                                                                                                                                  • Opcode Fuzzy Hash: e081aa7ac620bd7ce6390a53a19f7a1a41922c9ce8214cead5c14dc597d489e6
                                                                                                                                  • Instruction Fuzzy Hash: B9515071940658AADB36EB60CC5AEEEB37DAF45300F4080D5F60DAA082DB785F85DF61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: }
                                                                                                                                  • API String ID: 176396367-4239843852
                                                                                                                                  • Opcode ID: 84094d778a43735225368a7b4adfc5d6a6a944901cf4fa55694a78caafa5c737
                                                                                                                                  • Instruction ID: fca3fc0754ddd32568c080d071d9d22a39b1612f0f2bb2c7aa13ae8efe1a87d6
                                                                                                                                  • Opcode Fuzzy Hash: 84094d778a43735225368a7b4adfc5d6a6a944901cf4fa55694a78caafa5c737
                                                                                                                                  • Instruction Fuzzy Hash: 4921F3229243065EDB33FB64D845A6BB3ECDF85750F05146AF640C7141EB71ED4887B2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00380627: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00380646
                                                                                                                                    • Part of subcall function 00380627: GetProcAddress.KERNEL32(003BA1F0,CryptUnprotectMemory), ref: 00380656
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000200,?,00380697), ref: 0038072A
                                                                                                                                  Strings
                                                                                                                                  • CryptProtectMemory failed, xrefs: 003806E1
                                                                                                                                  • CryptUnprotectMemory failed, xrefs: 00380722
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$CurrentProcess
                                                                                                                                  • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                                  • API String ID: 2190909847-396321323
                                                                                                                                  • Opcode ID: 7dc5aadd110ed78ba43cfe9a46fb6d4aa8b3818ddb21693b30c06f389bd162d4
                                                                                                                                  • Instruction ID: c5f37bcda6943f73fa9884cd5bb497908ae3afc3fcc3fbf60feb21fcb51a2524
                                                                                                                                  • Opcode Fuzzy Hash: 7dc5aadd110ed78ba43cfe9a46fb6d4aa8b3818ddb21693b30c06f389bd162d4
                                                                                                                                  • Instruction Fuzzy Hash: 26116631A00B20ABDF1B6B348C40A6E3B18EF41724F028195FC455B251D771AD448BD5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 0037CDE7
                                                                                                                                    • Part of subcall function 00374A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00374A33
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2044579193.0000000000371000.00000020.00000001.01000000.00000003.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2044553412.0000000000370000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044608215.00000000003A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044626428.00000000003D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2044692431.00000000003D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_370000_file.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __vswprintf_c_l_swprintf
                                                                                                                                  • String ID: %c:\
                                                                                                                                  • API String ID: 1543624204-3142399695
                                                                                                                                  • Opcode ID: c5c6762ebbd639f8a834f5eed2287e2d6f21578760425d2137c27d08f1a3dbef
                                                                                                                                  • Instruction ID: 2de75db524507593c0b2027941199ace0cd2cd06bc85a0496ad856b9cbde047a
                                                                                                                                  • Opcode Fuzzy Hash: c5c6762ebbd639f8a834f5eed2287e2d6f21578760425d2137c27d08f1a3dbef
                                                                                                                                  • Instruction Fuzzy Hash: E301496711431175EA326B398C86DA7A7ACDFD5371B40941EF448CA482EB28D410C2A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00390DBD
                                                                                                                                  • ___raise_securityfailure.LIBCMT ref: 00390EA5
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                  • String ID: x==
                                                                                                                                  • API String ID: 3761405300-2535711829
                                                                                                                                  • Opcode ID: 2269255c532ab19fd119ca938f7a6b8d63ff3c9f371e32d4718f23ee877c27d3
                                                                                                                                  • Instruction ID: 70e1b9e27c1edfab1a843b44fb2453355e29fbf2200554270deebcc8108d0f50
                                                                                                                                  • Opcode Fuzzy Hash: 2269255c532ab19fd119ca938f7a6b8d63ff3c9f371e32d4718f23ee877c27d3
                                                                                                                                  • Instruction Fuzzy Hash: 5A21C4B6542200AED716CF19F986640BBBDFB48714F10512BE9058B2F0E3B1AE80DF46
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(00010440), ref: 0038EF2A
                                                                                                                                  • DialogBoxParamW.USER32(GETPASSWORD1,00010440,0038C460,?), ref: 0038EF65
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogParamVisibleWindow
                                                                                                                                  • String ID: GETPASSWORD1
                                                                                                                                  • API String ID: 3157717868-3292211884
                                                                                                                                  • Opcode ID: 2057270beece6b1708fb5c0e4f8ee4eae57f9af7284382f883fdaeae3390b104
                                                                                                                                  • Instruction ID: 829d646da8d41de3a8270ae13709c42a3c0f7e6284f739c75f8d7c823ed32481
                                                                                                                                  • Opcode Fuzzy Hash: 2057270beece6b1708fb5c0e4f8ee4eae57f9af7284382f883fdaeae3390b104
                                                                                                                                  • Instruction Fuzzy Hash: 10118434244764BFCB23BB64AC12FEA379CAF02744F168196F641A7091C7B06C80CBB2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNEL32(00000000,00010000,00382480,?,00000000,00000000), ref: 00382362
                                                                                                                                  • SetThreadPriority.KERNEL32(?,00000000), ref: 003823A9
                                                                                                                                    • Part of subcall function 003776E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00377707
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                  • String ID: CreateThread failed
                                                                                                                                  • API String ID: 2655393344-3849766595
                                                                                                                                  • Opcode ID: ee7f45997d6520bc756539d70e72d496bd8afaf1ba0d4b3f5e355f3d5261bc29
                                                                                                                                  • Instruction ID: 058212dae7d0861669bd2aaccc5acd2c58c48d6fdac62469c2357d131e2f3f18
                                                                                                                                  • Opcode Fuzzy Hash: ee7f45997d6520bc756539d70e72d496bd8afaf1ba0d4b3f5e355f3d5261bc29
                                                                                                                                  • Instruction Fuzzy Hash: 5201D6B92447026FD623BF64DC96BA3B398FF41715F21016DF746971C0CAE1A8409720
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0039D0F0: GetEnvironmentStringsW.KERNEL32 ref: 0039D0F9
                                                                                                                                    • Part of subcall function 0039D0F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0039D11C
                                                                                                                                    • Part of subcall function 0039D0F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0039D142
                                                                                                                                    • Part of subcall function 0039D0F0: _free.LIBCMT ref: 0039D155
                                                                                                                                    • Part of subcall function 0039D0F0: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0039D164
                                                                                                                                  • _free.LIBCMT ref: 00399670
                                                                                                                                  • _free.LIBCMT ref: 00399677
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                  • String ID: hB=
                                                                                                                                  • API String ID: 400815659-597828124
                                                                                                                                  • Opcode ID: dc67dbd1b64c84efd0988f257d2678b1fb10c039f29d82228650ae68ce78f329
                                                                                                                                  • Instruction ID: 9e472c96f7c2eecbde149a566f36b85e513bc1d90e354adfc54d42818934ef32
                                                                                                                                  • Opcode Fuzzy Hash: dc67dbd1b64c84efd0988f257d2678b1fb10c039f29d82228650ae68ce78f329
                                                                                                                                  • Instruction Fuzzy Hash: 71E09253A0A91142DE73337E7C12B6F16594BD2770F26071FF865DE2C2DE648802419A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00382526,?), ref: 00382309
                                                                                                                                  • GetLastError.KERNEL32(?), ref: 00382315
                                                                                                                                    • Part of subcall function 003776E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00377707
                                                                                                                                  Strings
                                                                                                                                  • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 0038231E
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                  • API String ID: 1091760877-2248577382
                                                                                                                                  • Opcode ID: 891d17a2bcf1c7174a070fb8cde21ed9f2b45e70c7bc0e27db220334d17d5022
                                                                                                                                  • Instruction ID: 2b1e1d1ad11334b40a37e8a1e2e934b48158443285c1c503657d853624c1bb13
                                                                                                                                  • Opcode Fuzzy Hash: 891d17a2bcf1c7174a070fb8cde21ed9f2b45e70c7bc0e27db220334d17d5022
                                                                                                                                  • Instruction Fuzzy Hash: C9D02E3640C93033CA1333386C0AEAFB808AFA3330F244B04F23A5A1E4CBE4094082A2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,0037ED75,?), ref: 0037F5C3
                                                                                                                                  • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0037ED75,?), ref: 0037F5D1
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindHandleModuleResource
                                                                                                                                  • String ID: RTL
                                                                                                                                  • API String ID: 3537982541-834975271
                                                                                                                                  • Opcode ID: a682764dae72d537e3b9fcf494ccce866994887e8d40f1bc1e7aca4e1fec4f8a
                                                                                                                                  • Instruction ID: 91379a9fb5c6340e918a91016aded224d5da19a5efd42480a3239f5b12448f81
                                                                                                                                  • Opcode Fuzzy Hash: a682764dae72d537e3b9fcf494ccce866994887e8d40f1bc1e7aca4e1fec4f8a
                                                                                                                                  • Instruction Fuzzy Hash: 32C0123224435096D73267716C0DB837E9C6B42715F060458B605DA1C0DAE5CC418660
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:10.6%
                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:1679
                                                                                                                                  Total number of Limit Nodes:63
___std_exception_copy 25989->25992 26027 ab775a 75 API calls 25990->26027 25993 ac46d5 25992->25993 25994 ac462b 25992->25994 25998 ac464f _abort 25992->25998 26029 ad3340 RaiseException 25993->26029 26028 ac44b9 75 API calls 3 library calls 25994->26028 25997 ac4701 25998->25972 26000 abbf18 25999->26000 26002 abbf22 25999->26002 26001 acfebe 27 API calls 26000->26001 26001->26002 26002->25978 26004 aba47f __EH_prolog 26003->26004 26030 ab8a1f 26004->26030 26007 ab13d9 78 API calls 26008 aba492 26007->26008 26033 abe56c 26008->26033 26010 aba4ee 26010->25983 26012 abe56c 133 API calls 26013 aba4a5 26012->26013 26013->26010 26013->26012 26042 abe758 97 API calls __InternalCxxFrameHandler 26013->26042 26014->25965 26015->25985 26016->25968 26017->25969 26018->25983 26019->25985 26022 ac3550 26020->26022 26021 ac3569 26043 ac220d 86 API calls 26021->26043 26022->26021 26025 ac357d 26022->26025 26024 ac3570 Concurrency::cancel_current_task 26024->26025 26026->25965 26027->25992 26028->25998 26029->25997 26031 abc619 GetVersionExW 26030->26031 26032 ab8a24 26031->26032 26032->26007 26040 abe582 __InternalCxxFrameHandler 26033->26040 26034 abe6f2 26035 abe726 26034->26035 26036 abe523 6 API calls 26034->26036 26037 ac2128 SetThreadExecutionState RaiseException 26035->26037 26036->26035 26039 abe6e9 26037->26039 26038 ac9cad 118 API calls 26038->26040 26039->26013 26040->26034 26040->26038 26040->26039 26041 abbff5 91 API calls 26040->26041 26041->26040 26042->26013 26043->26024 26045 abe3a5 26044->26045 26047 abe3ac 26044->26047 26049 abaa7a 26045->26049 26047->25753 26048->25755 26050 abaa93 26049->26050 26052 abb110 79 API calls 26050->26052 26051 abaac5 26051->26047 26052->26051 26054 acefb8 26053->26054 26055 abf937 53 API calls 26054->26055 26056 acefdb 26055->26056 26057 ab4a20 _swprintf 51 API calls 26056->26057 26058 acefed 26057->26058 26059 ace619 16 API calls 26058->26059 26060 ac2eca 26059->26060 26060->25704 26061->25768 26062->25768 26063->25766 26065 
ab66ef 26064->26065 26117 ab65fb 26065->26117 26068 ab6722 26069 ab675a 26068->26069 26122 abc6af CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 26068->26122 26069->25783 26071 ab89dd 26070->26071 26072 ab8a15 26071->26072 26128 ab7931 74 API calls 26071->26128 26072->25782 26072->25793 26072->25797 26074 ab8a0d 26129 ab1397 74 API calls 26074->26129 26077 ab4731 __EH_prolog 26076->26077 26078 acfebe 27 API calls 26077->26078 26079 ab4747 __InternalCxxFrameHandler 26077->26079 26078->26079 26079->25820 26080->25863 26082 abb043 26081->26082 26085 abb052 26081->26085 26083 abb049 FlushFileBuffers 26082->26083 26082->26085 26083->26085 26084 abb0cf SetFileTime 26084->25867 26085->26084 26086->25775 26087->25789 26088->25792 26089->25785 26090->25820 26091->25820 26092->25820 26093->25820 26094->25827 26095->25827 26096->25801 26097->25812 26098->25805 26099->25812 26101 ab9b2b 26100->26101 26102 abab25 GetFileType 26100->26102 26101->25831 26103 ab237a 74 API calls 26101->26103 26102->26101 26103->25829 26104->25831 26105->25832 26106->25858 26107->25858 26108->25853 26109->25858 26110->25858 26111->25858 26112->25861 26113->25870 26114->25807 26115->25782 26116->25782 26123 ab64f8 26117->26123 26120 ab64f8 2 API calls 26121 ab661c 26120->26121 26121->26068 26122->26068 26124 ab6502 26123->26124 26126 ab65ea 26124->26126 26127 abc6af CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 26124->26127 26126->26120 26126->26121 26127->26124 26128->26074 26129->26072 26132 abe34a Concurrency::cancel_current_task 26131->26132 26137 abbd8e 86 API calls Concurrency::cancel_current_task 26132->26137 26134 abe37c 26138 abbd8e 86 API calls Concurrency::cancel_current_task 26134->26138 26136 abe387 26137->26134 26138->26136 26139->25882 26141 abbaa1 26140->26141 26142 abbaba FindFirstFileW 26141->26142 26143 abbb20 FindNextFileW 26141->26143 26144 abbb02 26142->26144 26146 abbac9 26142->26146 26143->26144 26145 abbb2b GetLastError 26143->26145 26144->25714 26145->26144 
26147 abcf32 GetCurrentDirectoryW 26146->26147 26148 abbad9 26147->26148 26149 abbadd FindFirstFileW 26148->26149 26150 abbaf7 GetLastError 26148->26150 26149->26144 26149->26150 26150->26144 26152 aba458 _abort 26151->26152 26154 aba425 26151->26154 26152->25656 26153 abb470 3 API calls 26153->26154 26154->26152 26154->26153 26155->25549 26156->25557 26157->25557 26158->25560 26159->25566 26161 abb1d2 78 API calls 26160->26161 26162 ab208f 26161->26162 26163 ab1ad3 116 API calls 26162->26163 26166 ab20ac 26162->26166 26164 ab209c 26163->26164 26164->26166 26167 ab1397 74 API calls 26164->26167 26166->25574 26166->25575 26167->26166 26220 acd8d8 98 API calls 4 library calls 26257 ad4bd0 5 API calls CatchGuardHandler 26170 abacd4 26174 abacde 26170->26174 26171 abae2c SetFilePointer 26172 abacf4 26171->26172 26173 abae49 GetLastError 26171->26173 26173->26172 26174->26171 26174->26172 26175 abae05 26174->26175 26176 abaa7a 79 API calls 26174->26176 26175->26171 26176->26175 26192 ac742e 138 API calls __InternalCxxFrameHandler 24025 abca2e 24026 abca40 _abort 24025->24026 24029 ac23fb 24026->24029 24032 ac23bd GetCurrentProcess GetProcessAffinityMask 24029->24032 24033 abca97 24032->24033 24035 acf32b 14 API calls ___delayLoadHelper2@8 26239 ad962a 55 API calls _free 26221 ab6920 41 API calls __EH_prolog 26193 acd420 91 API calls _swprintf 24097 ada620 24105 adbf6f 24097->24105 24100 ada634 24102 ada63c 24103 ada649 24102->24103 24113 ada650 11 API calls 24102->24113 24114 adbe58 24105->24114 24108 adbf9f 24121 ad0d7c 24108->24121 24109 adbfae TlsAlloc 24109->24108 24111 ada62a 24111->24100 24112 ada599 20 API calls 2 library calls 24111->24112 24112->24102 24113->24100 24115 adbe88 24114->24115 24118 adbe84 24114->24118 24115->24108 24115->24109 24116 adbea8 24116->24115 24119 adbeb4 GetProcAddress 24116->24119 24118->24115 24118->24116 24128 adbef4 24118->24128 24120 adbec4 __dosmaperr 24119->24120 24120->24115 24122 ad0d85 IsProcessorFeaturePresent 24121->24122 
24123 ad0d84 24121->24123 24125 ad0dc7 24122->24125 24123->24111 24135 ad0d8a SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 24125->24135 24127 ad0eaa 24127->24111 24129 adbf0a 24128->24129 24130 adbf15 LoadLibraryExW 24128->24130 24129->24118 24131 adbf4a 24130->24131 24132 adbf32 GetLastError 24130->24132 24131->24129 24134 adbf61 FreeLibrary 24131->24134 24132->24131 24133 adbf3d LoadLibraryExW 24132->24133 24133->24131 24134->24129 24135->24127 26194 ab1025 29 API calls 24136 acf73d 24137 acf704 24136->24137 24137->24136 24138 acf9e9 ___delayLoadHelper2@8 14 API calls 24137->24138 24138->24137 24142 ab213d 24143 ab2148 24142->24143 24145 ab2150 24142->24145 24161 ab2162 27 API calls Concurrency::cancel_current_task 24143->24161 24146 ab214e 24145->24146 24148 acfebe 24145->24148 24150 acfec3 ___std_exception_copy 24148->24150 24149 acfedd 24149->24146 24150->24149 24152 acfedf 24150->24152 24164 ad8e5c 7 API calls 2 library calls 24150->24164 24153 ab48f5 Concurrency::cancel_current_task 24152->24153 24154 acfee9 24152->24154 24162 ad3340 RaiseException 24153->24162 24165 ad3340 RaiseException 24154->24165 24157 ab4911 24159 ab4927 24157->24159 24163 ab136b 26 API calls Concurrency::cancel_current_task 24157->24163 24158 ad0820 24159->24146 24161->24146 24162->24157 24163->24159 24164->24150 24165->24158 24166 ac0534 24167 ac053c FreeLibrary 24166->24167 24168 ac0544 24166->24168 24167->24168 26195 ab2430 26 API calls std::bad_exception::bad_exception 26196 ab2037 143 API calls __EH_prolog 24170 acf431 24171 acf335 24170->24171 24172 acf9e9 ___delayLoadHelper2@8 14 API calls 24171->24172 24172->24171 26259 ad9330 52 API calls 3 library calls 26260 ad0733 20 API calls 24211 abb20a 24212 abb218 24211->24212 24213 abb21f 24211->24213 24214 abb22c GetStdHandle 24213->24214 24221 abb23b 24213->24221 24214->24221 24215 abb293 WriteFile 24215->24221 24216 abb25f 24217 abb264 WriteFile 24216->24217 24216->24221 24217->24216 
24217->24221 24219 abb325 24223 ab7951 77 API calls 24219->24223 24221->24212 24221->24215 24221->24216 24221->24217 24221->24219 24222 ab765a 78 API calls 24221->24222 24222->24221 24223->24212 26262 ac2f0b GetCPInfo IsDBCSLeadByte 26197 ab1800 86 API calls Concurrency::cancel_current_task 26242 ad0600 27 API calls 24225 acf002 24226 acf00f 24225->24226 24233 abf937 24226->24233 24234 abf947 24233->24234 24245 abf968 24234->24245 24237 ab4a20 24268 ab49f3 24237->24268 24240 acc758 PeekMessageW 24241 acc7ac 24240->24241 24242 acc773 GetMessageW 24240->24242 24243 acc798 TranslateMessage DispatchMessageW 24242->24243 24244 acc789 IsDialogMessageW 24242->24244 24243->24241 24244->24241 24244->24243 24251 abecd0 24245->24251 24248 abf98b LoadStringW 24249 abf965 24248->24249 24250 abf9a2 LoadStringW 24248->24250 24249->24237 24250->24249 24256 abec0c 24251->24256 24253 abeced 24254 abed02 24253->24254 24264 abed10 26 API calls 24253->24264 24254->24248 24254->24249 24257 abec24 24256->24257 24263 abeca4 _strncpy 24256->24263 24259 abec48 24257->24259 24265 ac30f5 WideCharToMultiByte 24257->24265 24262 abec79 24259->24262 24266 abf8d1 50 API calls __vsnprintf 24259->24266 24267 ad7571 26 API calls 3 library calls 24262->24267 24263->24253 24264->24254 24265->24259 24266->24262 24267->24263 24269 ab4a0a __vswprintf_c_l 24268->24269 24272 ad72e2 24269->24272 24275 ad53a5 24272->24275 24276 ad53cd 24275->24276 24277 ad53e5 24275->24277 24292 ada7eb 20 API calls __dosmaperr 24276->24292 24277->24276 24279 ad53ed 24277->24279 24294 ad5944 24279->24294 24280 ad53d2 24293 ad51b9 26 API calls ___std_exception_copy 24280->24293 24285 ad0d7c CatchGuardHandler 5 API calls 24287 ab4a14 SetDlgItemTextW 24285->24287 24286 ad5475 24303 ad5cf4 51 API calls 4 library calls 24286->24303 24287->24240 24290 ad53dd 24290->24285 24291 ad5480 24304 ad59c7 20 API calls _free 24291->24304 24292->24280 24293->24290 24295 ad5961 24294->24295 24301 ad53fd 24294->24301 24295->24301 24305 ada515 
GetLastError 24295->24305 24297 ad5982 24325 adaaf6 38 API calls __fassign 24297->24325 24299 ad599b 24326 adab23 38 API calls __fassign 24299->24326 24302 ad590f 20 API calls 2 library calls 24301->24302 24302->24286 24303->24291 24304->24290 24306 ada52b 24305->24306 24307 ada531 24305->24307 24327 adc01b 11 API calls 2 library calls 24306->24327 24311 ada580 SetLastError 24307->24311 24328 adc2f6 24307->24328 24311->24297 24314 ada560 24316 ada54b 24314->24316 24317 ada567 24314->24317 24315 ada551 24319 ada58c SetLastError 24315->24319 24335 ada66a 24316->24335 24342 ada380 20 API calls __dosmaperr 24317->24342 24343 ada0f4 38 API calls _abort 24319->24343 24320 ada572 24322 ada66a _free 20 API calls 24320->24322 24324 ada579 24322->24324 24324->24311 24324->24319 24325->24299 24326->24301 24327->24307 24333 adc303 __dosmaperr 24328->24333 24329 adc343 24345 ada7eb 20 API calls __dosmaperr 24329->24345 24330 adc32e RtlAllocateHeap 24332 ada543 24330->24332 24330->24333 24332->24316 24341 adc071 11 API calls 2 library calls 24332->24341 24333->24329 24333->24330 24344 ad8e5c 7 API calls 2 library calls 24333->24344 24336 ada675 RtlFreeHeap 24335->24336 24337 ada69e __dosmaperr 24335->24337 24336->24337 24338 ada68a 24336->24338 24337->24315 24346 ada7eb 20 API calls __dosmaperr 24338->24346 24340 ada690 GetLastError 24340->24337 24341->24314 24342->24320 24344->24333 24345->24332 24346->24340 26223 ae3100 CloseHandle 26264 acc316 GetDlgItem KiUserCallbackDispatcher ShowWindow SendMessageW 24464 add211 31 API calls CatchGuardHandler 26199 acb410 GdipDisposeImage GdipFree 24466 ad0612 24467 ad061e ___scrt_is_nonwritable_in_current_image 24466->24467 24498 ad01ac 24467->24498 24469 ad0625 24470 ad0778 24469->24470 24473 ad064f 24469->24473 24575 ad0a0a IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter _abort 24470->24575 24472 ad077f 24568 ad931a 24472->24568 24483 ad068e ___scrt_is_nonwritable_in_current_image 
___scrt_release_startup_lock 24473->24483 24509 ad9ebd 24473->24509 24480 ad066e 24482 ad06ef 24517 ad0b25 GetStartupInfoW _abort 24482->24517 24483->24482 24571 ad8e0c 38 API calls 3 library calls 24483->24571 24485 ad06f5 24518 ad9e0e 51 API calls 24485->24518 24488 ad06fd 24519 acf05c 24488->24519 24492 ad0711 24492->24472 24493 ad0715 24492->24493 24494 ad071e 24493->24494 24573 ad92bd 28 API calls _abort 24493->24573 24574 ad031d 12 API calls ___scrt_uninitialize_crt 24494->24574 24497 ad0726 24497->24480 24499 ad01b5 24498->24499 24577 ad0826 IsProcessorFeaturePresent 24499->24577 24501 ad01c1 24578 ad3bee 24501->24578 24503 ad01c6 24508 ad01ca 24503->24508 24586 ad9d47 24503->24586 24506 ad01e1 24506->24469 24508->24469 24511 ad9ed4 24509->24511 24510 ad0d7c CatchGuardHandler 5 API calls 24512 ad0668 24510->24512 24511->24510 24512->24480 24513 ad9e61 24512->24513 24514 ad9e90 24513->24514 24515 ad0d7c CatchGuardHandler 5 API calls 24514->24515 24516 ad9eb9 24515->24516 24516->24483 24517->24485 24518->24488 24677 ac1b83 24519->24677 24523 acf07c 24726 acbd1b 24523->24726 24525 acf085 _abort 24526 acf098 GetCommandLineW 24525->24526 24527 acf13c GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24526->24527 24528 acf0ab 24526->24528 24530 ab4a20 _swprintf 51 API calls 24527->24530 24730 acd708 83 API calls 24528->24730 24532 acf1a3 SetEnvironmentVariableW GetModuleHandleW LoadIconW 24530->24532 24531 acf0b1 24533 acf0b9 OpenFileMappingW 24531->24533 24534 acf136 24531->24534 24748 acc8cd LoadBitmapW 24532->24748 24537 acf12d CloseHandle 24533->24537 24538 acf0d1 MapViewOfFile 24533->24538 24786 aced2e SetEnvironmentVariableW SetEnvironmentVariableW 24534->24786 24537->24527 24540 acf126 UnmapViewOfFile 24538->24540 24541 acf0e2 __InternalCxxFrameHandler 24538->24541 24540->24537 24731 aced2e SetEnvironmentVariableW SetEnvironmentVariableW 24541->24731 24547 acf0fe 24732 ac069c 24547->24732 24548 aca0d7 27 API calls 24550 acf203 DialogBoxParamW 
24548->24550 24554 acf23d 24550->24554 24553 acf11d 24553->24540 24555 acf24f Sleep 24554->24555 24556 acf256 24554->24556 24555->24556 24558 acf264 24556->24558 24775 acbfb3 24556->24775 24559 acf283 DeleteObject 24558->24559 24560 acf29f 24559->24560 24561 acf298 DeleteObject 24559->24561 24562 acf2d0 24560->24562 24563 acf2e2 24560->24563 24561->24560 24564 aced8b 6 API calls 24562->24564 24783 acbd81 24563->24783 24565 acf2d6 CloseHandle 24564->24565 24565->24563 24567 acf31c 24572 ad0b5b GetModuleHandleW 24567->24572 24977 ad9097 24568->24977 24571->24482 24572->24492 24573->24494 24574->24497 24575->24472 24577->24501 24590 ad4c97 24578->24590 24582 ad3c0a 24582->24503 24583 ad3bff 24583->24582 24604 ad4cd3 DeleteCriticalSection 24583->24604 24585 ad3bf7 24585->24503 24631 add21a 24586->24631 24589 ad3c0d 7 API calls 2 library calls 24589->24508 24591 ad4ca0 24590->24591 24593 ad4cc9 24591->24593 24594 ad3bf3 24591->24594 24605 ad4edc 24591->24605 24610 ad4cd3 DeleteCriticalSection 24593->24610 24594->24585 24596 ad3d1c 24594->24596 24624 ad4ded 24596->24624 24599 ad3d31 24599->24583 24601 ad3d3f 24602 ad3d4c 24601->24602 24630 ad3d4f 6 API calls ___vcrt_FlsFree 24601->24630 24602->24583 24604->24585 24611 ad4d02 24605->24611 24608 ad4f14 InitializeCriticalSectionAndSpinCount 24609 ad4eff 24608->24609 24609->24591 24610->24594 24612 ad4d23 24611->24612 24613 ad4d1f 24611->24613 24612->24613 24614 ad4d8b GetProcAddress 24612->24614 24617 ad4d7c 24612->24617 24619 ad4da2 LoadLibraryExW 24612->24619 24613->24608 24613->24609 24614->24613 24616 ad4d99 24614->24616 24616->24613 24617->24614 24618 ad4d84 FreeLibrary 24617->24618 24618->24614 24620 ad4db9 GetLastError 24619->24620 24621 ad4de9 24619->24621 24620->24621 24622 ad4dc4 ___vcrt_FlsSetValue 24620->24622 24621->24612 24622->24621 24623 ad4dda LoadLibraryExW 24622->24623 24623->24612 24625 ad4d02 ___vcrt_FlsSetValue 5 API calls 24624->24625 24626 ad4e07 24625->24626 24627 ad4e20 TlsAlloc 24626->24627 24628 
ad3d26 24626->24628 24628->24599 24629 ad4e9e 6 API calls ___vcrt_FlsSetValue 24628->24629 24629->24601 24630->24599 24634 add233 24631->24634 24635 add237 24631->24635 24632 ad0d7c CatchGuardHandler 5 API calls 24633 ad01d3 24632->24633 24633->24506 24633->24589 24634->24632 24635->24634 24637 adb860 24635->24637 24638 adb86c ___scrt_is_nonwritable_in_current_image 24637->24638 24649 adbdf1 EnterCriticalSection 24638->24649 24640 adb873 24650 add6e8 24640->24650 24642 adb882 24643 adb891 24642->24643 24663 adb6e9 29 API calls 24642->24663 24665 adb8ad LeaveCriticalSection _abort 24643->24665 24646 adb88c 24664 adb79f GetStdHandle GetFileType 24646->24664 24647 adb8a2 _abort 24647->24635 24649->24640 24651 add6f4 ___scrt_is_nonwritable_in_current_image 24650->24651 24652 add718 24651->24652 24653 add701 24651->24653 24666 adbdf1 EnterCriticalSection 24652->24666 24674 ada7eb 20 API calls __dosmaperr 24653->24674 24656 add706 24675 ad51b9 26 API calls ___std_exception_copy 24656->24675 24658 add710 _abort 24658->24642 24659 add750 24676 add777 LeaveCriticalSection _abort 24659->24676 24661 add724 24661->24659 24667 add639 24661->24667 24663->24646 24664->24643 24665->24647 24666->24661 24668 adc2f6 __dosmaperr 20 API calls 24667->24668 24670 add64b 24668->24670 24669 add658 24671 ada66a _free 20 API calls 24669->24671 24670->24669 24672 adc0ca 11 API calls 24670->24672 24673 add6aa 24671->24673 24672->24670 24673->24661 24674->24656 24675->24658 24676->24658 24678 acffd0 24677->24678 24679 ac1b8d GetModuleHandleW 24678->24679 24680 ac1ba8 GetProcAddress 24679->24680 24681 ac1c07 24679->24681 24682 ac1bd9 GetProcAddress 24680->24682 24683 ac1bc1 24680->24683 24684 ac1f34 GetModuleFileNameW 24681->24684 24796 ad89ee 42 API calls __vsnwprintf_l 24681->24796 24685 ac1beb 24682->24685 24683->24682 24693 ac1f52 24684->24693 24685->24681 24687 ac1e74 24687->24684 24688 ac1e7f GetModuleFileNameW CreateFileW 24687->24688 24689 ac1eaf SetFilePointer 24688->24689 24690 ac1f28 
CloseHandle 24688->24690 24689->24690 24691 ac1ebd ReadFile 24689->24691 24690->24684 24691->24690 24695 ac1edb 24691->24695 24696 ac1fb4 GetFileAttributesW 24693->24696 24698 ac1f7d CompareStringW 24693->24698 24699 ac1fcc 24693->24699 24787 abc619 24693->24787 24790 ac1b3b 24693->24790 24695->24690 24697 ac1b3b 2 API calls 24695->24697 24696->24693 24696->24699 24697->24695 24698->24693 24701 ac200c 24699->24701 24702 ac1fd7 24699->24702 24700 ac211b 24725 acb65d GetCurrentDirectoryW 24700->24725 24701->24700 24705 abc619 GetVersionExW 24701->24705 24703 ac1ff0 GetFileAttributesW 24702->24703 24704 ac2008 24702->24704 24703->24702 24703->24704 24704->24701 24706 ac2026 24705->24706 24707 ac202d 24706->24707 24708 ac2093 24706->24708 24710 ac1b3b 2 API calls 24707->24710 24709 ab4a20 _swprintf 51 API calls 24708->24709 24711 ac20bb AllocConsole 24709->24711 24712 ac2037 24710->24712 24713 ac20c8 GetCurrentProcessId AttachConsole 24711->24713 24714 ac2113 ExitProcess 24711->24714 24715 ac1b3b 2 API calls 24712->24715 24797 ad4fa3 24713->24797 24717 ac2041 24715->24717 24719 abf937 53 API calls 24717->24719 24718 ac20e9 GetStdHandle WriteConsoleW Sleep FreeConsole 24718->24714 24720 ac205c 24719->24720 24721 ab4a20 _swprintf 51 API calls 24720->24721 24722 ac206f 24721->24722 24723 abf937 53 API calls 24722->24723 24724 ac207e 24723->24724 24724->24714 24725->24523 24727 ac1b3b 2 API calls 24726->24727 24728 acbd2f OleInitialize 24727->24728 24729 acbd52 GdiplusStartup SHGetMalloc 24728->24729 24729->24525 24730->24531 24731->24547 24733 ac06b4 24732->24733 24734 ac06aa 24732->24734 24736 ac0729 GetCurrentProcessId 24733->24736 24738 ac06ce 24733->24738 24799 ac0627 24734->24799 24737 ac0703 24736->24737 24744 ac0752 24737->24744 24738->24737 24805 ab76e9 76 API calls __vswprintf_c_l 24738->24805 24740 ac06f1 24806 ab7871 76 API calls 24740->24806 24742 ac06fa 24807 ab76e4 RaiseException CallUnexpected 24742->24807 24746 ac075b _wcslen 24744->24746 24745 ac0786 
24745->24553 24746->24745 24808 ac0665 24746->24808 24749 acc8ee 24748->24749 24750 acc8fb GetObjectW 24748->24750 24817 acb6d2 FindResourceW 24749->24817 24752 acc90a 24750->24752 24812 acb5d6 24752->24812 24756 acc960 24767 abed62 24756->24767 24757 acc93c 24831 acb615 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24757->24831 24758 acb6d2 12 API calls 24760 acc92d 24758->24760 24760->24757 24762 acc933 DeleteObject 24760->24762 24761 acc944 24832 acb5f4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24761->24832 24762->24757 24764 acc94d 24833 acb81c 8 API calls 24764->24833 24766 acc954 DeleteObject 24766->24756 24844 abed87 24767->24844 24772 aca0d7 24773 acfebe 27 API calls 24772->24773 24774 aca0f6 24773->24774 24774->24548 24777 acbfc0 24775->24777 24776 acc04e 24776->24558 24777->24776 24973 ac3338 24777->24973 24779 acbfe8 24779->24776 24976 acbc19 SetCurrentDirectoryW 24779->24976 24781 acbff6 _abort _wcslen 24782 acc02a SHFileOperationW 24781->24782 24782->24776 24784 acbdb0 GdiplusShutdown OleUninitialize 24783->24784 24784->24567 24786->24527 24788 abc669 24787->24788 24789 abc62d GetVersionExW 24787->24789 24788->24693 24789->24788 24791 acffd0 24790->24791 24792 ac1b48 GetSystemDirectoryW 24791->24792 24793 ac1b7e 24792->24793 24794 ac1b60 24792->24794 24793->24693 24795 ac1b71 LoadLibraryW 24794->24795 24795->24793 24796->24687 24798 ad4fab 24797->24798 24798->24718 24798->24798 24800 ac0630 24799->24800 24801 ac065f 24799->24801 24802 ac1b3b 2 API calls 24800->24802 24801->24733 24803 ac063a 24802->24803 24803->24801 24804 ac0640 GetProcAddress GetProcAddress 24803->24804 24804->24801 24805->24740 24806->24742 24807->24737 24809 ac0673 __InternalCxxFrameHandler 24808->24809 24810 ac069c 82 API calls 24809->24810 24811 ac0697 24810->24811 24811->24745 24834 acb5f4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24812->24834 24814 acb5dd 24815 acb5e9 24814->24815 24835 acb615 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24814->24835 24815->24756 24815->24757 
24815->24758 24818 acb6f5 SizeofResource 24817->24818 24823 acb7e3 24817->24823 24819 acb70c LoadResource 24818->24819 24818->24823 24820 acb721 LockResource 24819->24820 24819->24823 24821 acb732 GlobalAlloc 24820->24821 24820->24823 24822 acb74d GlobalLock 24821->24822 24821->24823 24824 acb7dc GlobalFree 24822->24824 24825 acb75c __InternalCxxFrameHandler 24822->24825 24823->24750 24823->24752 24824->24823 24826 acb7d5 GlobalUnlock 24825->24826 24836 acb636 GdipAlloc 24825->24836 24826->24824 24829 acb7aa GdipCreateHBITMAPFromBitmap 24830 acb7c0 24829->24830 24830->24826 24831->24761 24832->24764 24833->24766 24834->24814 24835->24815 24837 acb648 24836->24837 24838 acb655 24836->24838 24840 acb3c8 24837->24840 24838->24826 24838->24829 24838->24830 24841 acb3e9 GdipCreateBitmapFromStreamICM 24840->24841 24842 acb3f0 GdipCreateBitmapFromStream 24840->24842 24843 acb3f5 24841->24843 24842->24843 24843->24838 24845 abed95 __EH_prolog 24844->24845 24846 abedc4 GetModuleFileNameW 24845->24846 24847 abedf5 24845->24847 24848 abedde 24846->24848 24890 abab40 24847->24890 24848->24847 24850 abee51 24901 ad7730 24850->24901 24852 abf581 78 API calls 24855 abee25 24852->24855 24855->24850 24855->24852 24868 abf06a 24855->24868 24856 abee64 24857 ad7730 26 API calls 24856->24857 24865 abee76 ___vcrt_FlsSetValue 24857->24865 24858 abefa5 24858->24868 24937 abb000 81 API calls 24858->24937 24862 abefbf ___std_exception_copy 24863 abae60 82 API calls 24862->24863 24862->24868 24866 abefe8 ___std_exception_copy 24863->24866 24865->24858 24865->24868 24915 abb110 24865->24915 24931 abae60 24865->24931 24936 abb000 81 API calls 24865->24936 24866->24868 24886 abeff3 ___vcrt_FlsSetValue _wcslen ___std_exception_copy 24866->24886 24938 ac2ed2 MultiByteToWideChar 24866->24938 24924 aba801 24868->24924 24869 abf479 24874 abf4fe 24869->24874 24944 ada09e 26 API calls 2 library calls 24869->24944 24872 abf48e 24945 ad8a18 26 API calls 2 library calls 24872->24945 24873 abf4e6 24946 
abf59c 78 API calls 24873->24946 24875 abf534 24874->24875 24879 abf581 78 API calls 24874->24879 24877 ad7730 26 API calls 24875->24877 24880 abf54d 24877->24880 24879->24874 24881 ad7730 26 API calls 24880->24881 24881->24868 24884 ac30f5 WideCharToMultiByte 24884->24886 24886->24868 24886->24869 24886->24884 24939 abf8d1 50 API calls __vsnprintf 24886->24939 24940 ad7571 26 API calls 3 library calls 24886->24940 24941 ada09e 26 API calls 2 library calls 24886->24941 24942 ad8a18 26 API calls 2 library calls 24886->24942 24943 abf59c 78 API calls 24886->24943 24888 abf5be GetModuleHandleW FindResourceW 24889 abed75 24888->24889 24889->24772 24891 abab4a 24890->24891 24892 ababab CreateFileW 24891->24892 24893 ababcc GetLastError 24892->24893 24896 abac1b 24892->24896 24894 abcf32 GetCurrentDirectoryW 24893->24894 24895 ababec 24894->24895 24895->24896 24898 ababf0 CreateFileW GetLastError 24895->24898 24897 abac5f 24896->24897 24899 abac45 SetFileTime 24896->24899 24897->24855 24898->24896 24900 abac15 24898->24900 24899->24897 24900->24896 24902 ad7769 24901->24902 24903 ad776d 24902->24903 24914 ad7795 24902->24914 24947 ada7eb 20 API calls __dosmaperr 24903->24947 24905 ad7772 24948 ad51b9 26 API calls ___std_exception_copy 24905->24948 24906 ad7ab9 24908 ad0d7c CatchGuardHandler 5 API calls 24906->24908 24910 ad7ac6 24908->24910 24909 ad777d 24911 ad0d7c CatchGuardHandler 5 API calls 24909->24911 24910->24856 24913 ad7789 24911->24913 24913->24856 24914->24906 24949 ad7650 5 API calls CatchGuardHandler 24914->24949 24916 abb122 24915->24916 24917 abb135 24915->24917 24918 abb140 24916->24918 24950 ab7800 77 API calls 24916->24950 24917->24918 24920 abb148 SetFilePointer 24917->24920 24918->24865 24920->24918 24921 abb164 GetLastError 24920->24921 24921->24918 24922 abb16e 24921->24922 24922->24918 24951 ab7800 77 API calls 24922->24951 24925 aba825 24924->24925 24930 aba836 24924->24930 24926 aba838 24925->24926 24927 aba831 24925->24927 24925->24930 24957 

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AC1B83: GetModuleHandleW.KERNEL32(kernel32), ref: 00AC1B9C
                                                                                                                                    • Part of subcall function 00AC1B83: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00AC1BAE
                                                                                                                                    • Part of subcall function 00AC1B83: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00AC1BDF
                                                                                                                                    • Part of subcall function 00ACB65D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00ACB665
                                                                                                                                    • Part of subcall function 00ACBD1B: OleInitialize.OLE32(00000000), ref: 00ACBD34
                                                                                                                                    • Part of subcall function 00ACBD1B: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00ACBD6B
                                                                                                                                    • Part of subcall function 00ACBD1B: SHGetMalloc.SHELL32(00AFA460), ref: 00ACBD75
                                                                                                                                  • GetCommandLineW.KERNEL32 ref: 00ACF09B
                                                                                                                                  • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00ACF0C5
                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007402), ref: 00ACF0D6
                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 00ACF127
                                                                                                                                    • Part of subcall function 00ACED2E: SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00ACED44
                                                                                                                                    • Part of subcall function 00ACED2E: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00ACED80
                                                                                                                                    • Part of subcall function 00AC0752: _wcslen.LIBCMT ref: 00AC0776
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00ACF12E
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe,00000800), ref: 00ACF148
                                                                                                                                  • SetEnvironmentVariableW.KERNELBASE(sfxname,C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe), ref: 00ACF154
                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00ACF15F
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACF19E
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00ACF1B3
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00ACF1BA
                                                                                                                                  • LoadIconW.USER32(00000000,00000064), ref: 00ACF1D1
                                                                                                                                  • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001C9D0,00000000), ref: 00ACF222
                                                                                                                                  • Sleep.KERNEL32(?), ref: 00ACF250
                                                                                                                                  • DeleteObject.GDI32 ref: 00ACF289
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00ACF299
                                                                                                                                  • CloseHandle.KERNEL32 ref: 00ACF2DC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf_wcslen
                                                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                  • API String ID: 3014515783-4023205281
                                                                                                                                  • Opcode ID: ffb3519c5aec8c32131d9449d6bd452529965cc3f68df6762d15784261f6f198
                                                                                                                                  • Instruction ID: 0233bf852306fba0ba176803ebe1f6db46b940d608090df6f12e891afc5bf3c8
                                                                                                                                  • Opcode Fuzzy Hash: ffb3519c5aec8c32131d9449d6bd452529965cc3f68df6762d15784261f6f198
                                                                                                                                  • Instruction Fuzzy Hash: 80612071500340AFC720EBE5EC49FAA7BACEB59344F01492DF645972A2DF748945CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBABD
                                                                                                                                    • Part of subcall function 00ABCF32: _wcslen.LIBCMT ref: 00ABCF56
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBAEB
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBAF7
                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBB21
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBB2D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 42610566-0
                                                                                                                                  • Opcode ID: 77f9995b68025d60194e20eb6b4cc3791051b2d2ed7f1aa655b4671641076e99
                                                                                                                                  • Instruction ID: 10fb0da743f4e9860809d01aa2696dc54e99bbb10bfe745dc23e15e8b499640f
                                                                                                                                  • Opcode Fuzzy Hash: 77f9995b68025d60194e20eb6b4cc3791051b2d2ed7f1aa655b4671641076e99
                                                                                                                                  • Instruction Fuzzy Hash: 4E418E72A00559ABCB25DF64CC84BE9B3BCFB48350F0001AAE56ED3201D7746E84DFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB92CB
                                                                                                                                    • Part of subcall function 00ABD656: _wcsrchr.LIBVCRUNTIME ref: 00ABD660
                                                                                                                                    • Part of subcall function 00ABCAA0: _wcslen.LIBCMT ref: 00ABCAA6
                                                                                                                                    • Part of subcall function 00AC1907: _wcslen.LIBCMT ref: 00AC190D
                                                                                                                                    • Part of subcall function 00ABB5D6: _wcslen.LIBCMT ref: 00ABB5E2
                                                                                                                                    • Part of subcall function 00ABB5D6: __aulldiv.LIBCMT ref: 00ABB60E
                                                                                                                                    • Part of subcall function 00ABB5D6: GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00ABB615
                                                                                                                                    • Part of subcall function 00ABB5D6: _swprintf.LIBCMT ref: 00ABB640
                                                                                                                                    • Part of subcall function 00ABB5D6: _wcslen.LIBCMT ref: 00ABB64A
                                                                                                                                    • Part of subcall function 00ABB5D6: _swprintf.LIBCMT ref: 00ABB6A0
                                                                                                                                    • Part of subcall function 00ABB5D6: _wcslen.LIBCMT ref: 00ABB6AA
                                                                                                                                    • Part of subcall function 00AB4727: __EH_prolog.LIBCMT ref: 00AB472C
                                                                                                                                    • Part of subcall function 00ABA212: __EH_prolog.LIBCMT ref: 00ABA217
                                                                                                                                    • Part of subcall function 00ABB8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB8FA
                                                                                                                                    • Part of subcall function 00ABB8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB92B
                                                                                                                                  Strings
                                                                                                                                  • __tmp_reference_source_, xrefs: 00AB9596
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$H_prolog$AttributesFile_swprintf$CurrentProcess__aulldiv_wcsrchr
                                                                                                                                  • String ID: __tmp_reference_source_
                                                                                                                                  • API String ID: 70197177-685763994
                                                                                                                                  • Opcode ID: 519f41fe1c6428092c940c2e146f1dc4a9b2250f412b3bf4efb2270f90b85374
                                                                                                                                  • Instruction ID: f9e955e73cdf5772bfa7316a35f485e23fcd5373752172d5c7a34bc559b92b99
                                                                                                                                  • Opcode Fuzzy Hash: 519f41fe1c6428092c940c2e146f1dc4a9b2250f412b3bf4efb2270f90b85374
                                                                                                                                  • Instruction Fuzzy Hash: 84A22931904245AEDF15DF74C895BFABBBCBF15300F0841BAEA499B283DB359984CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,?,00AD9186,00000000,00AED570,0000000C,00AD92DD,00000000,00000002,00000000), ref: 00AD91D1
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00AD9186,00000000,00AED570,0000000C,00AD92DD,00000000,00000002,00000000), ref: 00AD91D8
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00AD91EA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                  • Opcode ID: ce07ef2e19621d446ef30535d5b47688c4db556d710d2d265bf03b34c8817ee7
                                                                                                                                  • Instruction ID: 64e2e4ced3a532d7538debf58697dd7959ffd3622be1e7a3e1d7de2e9e9a9cd0
                                                                                                                                  • Opcode Fuzzy Hash: ce07ef2e19621d446ef30535d5b47688c4db556d710d2d265bf03b34c8817ee7
                                                                                                                                  • Instruction Fuzzy Hash: 0AE0BF35404149ABCF51AF94DD49A993B6EFB54751F014515F90E4A221CB39DD83CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00ACC9D5
                                                                                                                                    • Part of subcall function 00AB12F6: GetDlgItem.USER32(00000000,00003021), ref: 00AB133A
                                                                                                                                    • Part of subcall function 00AB12F6: SetWindowTextW.USER32(00000000,00AE45F4), ref: 00AB1350
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00ACCAC1
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ACCADF
                                                                                                                                  • IsDialogMessageW.USER32(?,?), ref: 00ACCAF2
                                                                                                                                  • TranslateMessage.USER32(?), ref: 00ACCB00
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00ACCB0A
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00ACCB2D
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00ACCB50
                                                                                                                                  • GetDlgItem.USER32(?,00000068), ref: 00ACCB73
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00ACCB8E
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,00AE45F4), ref: 00ACCBA1
                                                                                                                                    • Part of subcall function 00ACE598: _wcslen.LIBCMT ref: 00ACE5C2
                                                                                                                                  • SetFocus.USER32(00000000), ref: 00ACCBA8
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACCC07
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00ACCC6A
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00ACCC92
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00ACCCB0
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACCCC8
                                                                                                                                  • GetLastError.KERNEL32(?,00000011), ref: 00ACCCFA
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00ACCD4D
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACCD84
                                                                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007402,winrarsfxmappingfile.tmp), ref: 00ACCDD8
                                                                                                                                  • GetCommandLineW.KERNEL32 ref: 00ACCDEE
                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,00B01482,00000400,00000001,00000001), ref: 00ACCE45
                                                                                                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 00ACCE6D
                                                                                                                                  • WaitForInputIdle.USER32(?,00002710), ref: 00ACCEA1
                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00ACCEB5
                                                                                                                                  • UnmapViewOfFile.KERNEL32(?,?,0000421C,00B01482,00000400), ref: 00ACCEDE
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00ACCEE7
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACCF1A
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00ACCF79
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,00AE45F4), ref: 00ACCF90
                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 00ACCF99
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00ACCFA8
                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00ACCFB7
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00ACD064
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACD0BA
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACD0E4
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,0003044F), ref: 00ACD12E
                                                                                                                                  • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00ACD148
                                                                                                                                  • GetDlgItem.USER32(?,00000068), ref: 00ACD151
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00ACD167
                                                                                                                                  • GetDlgItem.USER32(?,00000066), ref: 00ACD181
                                                                                                                                  • SetWindowTextW.USER32(00000000,00B0389A), ref: 00ACD1A3
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00ACD203
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00ACD216
                                                                                                                                  • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001C7B0,00000000,?), ref: 00ACD2B9
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00ACD393
                                                                                                                                  • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00ACD3D5
                                                                                                                                    • Part of subcall function 00ACD884: __EH_prolog.LIBCMT ref: 00ACD889
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00ACD3F9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Item$MessageText$Send$Window_swprintf$File$DialogErrorLast$H_prologLongView_wcslen$CloseCommandCountCreateDispatchEnableExecuteFocusHandleIdleInputLineMappingModuleNameParamShellSleepTickTranslateUnmapWait__vswprintf_c_l
                                                                                                                                  • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                                  • API String ID: 3103142498-2718804049
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Control-flow graph, first block ac1b83-ac1ba6; legend: Executed / Not Executed]
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32), ref: 00AC1B9C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00AC1BAE
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00AC1BDF
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00AC1E89
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AC1EA3
                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00AC1EB3
                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00007FFE,00AE4D24,00000000), ref: 00AC1ED1
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00AC1F29
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00AC1F3E
                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00AE4D24,?,00000000,?,00000800), ref: 00AC1F92
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00AE4D24,00000800,?,00000000,?,00000800), ref: 00AC1FBC
                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00AE4DEC,00000800), ref: 00AC1FF8
                                                                                                                                    • Part of subcall function 00AC1B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00AC1B56
                                                                                                                                    • Part of subcall function 00AC1B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00AC063A,Crypt32.dll,00000000,00AC06B4,00000200,?,00AC0697,00000000,00000000,?), ref: 00AC1B78
                                                                                                                                  • _swprintf.LIBCMT ref: 00AC206A
                                                                                                                                  • _swprintf.LIBCMT ref: 00AC20B6
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • AllocConsole.KERNEL32 ref: 00AC20BE
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00AC20C8
                                                                                                                                  • AttachConsole.KERNEL32(00000000), ref: 00AC20CF
                                                                                                                                  • _wcslen.LIBCMT ref: 00AC20E4
                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00AC20F5
                                                                                                                                  • WriteConsoleW.KERNEL32(00000000), ref: 00AC20FC
                                                                                                                                  • Sleep.KERNEL32(00002710), ref: 00AC2107
                                                                                                                                  • FreeConsole.KERNEL32 ref: 00AC210D
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00AC2115
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                                                  • API String ID: 1207345701-3298887752
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00ABED90
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00ABEDCC
                                                                                                                                    • Part of subcall function 00ABD6A7: _wcslen.LIBCMT ref: 00ABD6AF
                                                                                                                                    • Part of subcall function 00AC1907: _wcslen.LIBCMT ref: 00AC190D
                                                                                                                                    • Part of subcall function 00AC2ED2: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00ABCF18,00000000,?,?), ref: 00AC2EEE
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABF109
                                                                                                                                  • __fprintf_l.LIBCMT ref: 00ABF23C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                                  • API String ID: 566448164-801612888
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ACC758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ACC769
                                                                                                                                    • Part of subcall function 00ACC758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ACC77A
                                                                                                                                    • Part of subcall function 00ACC758: IsDialogMessageW.USER32(00020440,?), ref: 00ACC78E
                                                                                                                                    • Part of subcall function 00ACC758: TranslateMessage.USER32(?), ref: 00ACC79C
                                                                                                                                    • Part of subcall function 00ACC758: DispatchMessageW.USER32(?), ref: 00ACC7A6
                                                                                                                                  • GetDlgItem.USER32(00000068,00B11CF0), ref: 00ACE62D
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,00000001,?,?,00ACC9A9,00AE60F0,00B11CF0,00B11CF0,00001000,?,00000000,?), ref: 00ACE655
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00ACE660
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,00AE45F4), ref: 00ACE66E
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00ACE684
                                                                                                                                  • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00ACE69E
                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00ACE6E2
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00ACE6F0
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00ACE6FF
                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00ACE726
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,00AE549C), ref: 00ACE735
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                  • String ID: \
                                                                                                                                  • API String ID: 3569833718-2967466578
                                                                                                                                  • Opcode ID: 276ed029ed95f5993df2315c890f41858bc075e73eb4ea446dd2f7209c55d98d
                                                                                                                                  • Instruction ID: 1dbabf9a859438aac9d218caab07c47cb484ce9b8d0a84cb2d0c56bdd8bdcd52
                                                                                                                                  • Opcode Fuzzy Hash: 276ed029ed95f5993df2315c890f41858bc075e73eb4ea446dd2f7209c55d98d
                                                                                                                                  • Instruction Fuzzy Hash: 1331B071245B40FBD322DF30DC4AFEB3FACFB96745F800908F6A1A6190CB655A1587A6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACE8FE
                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00ACEA2E
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00ACEA61
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00ACEA6D
                                                                                                                                  • WaitForInputIdle.USER32(?,000007D0), ref: 00ACEA7E
                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00ACEAA9
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00ACEACF
                                                                                                                                  • ShowWindow.USER32(?,00000001), ref: 00ACEB31
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_wcslen
                                                                                                                                  • String ID: .exe$.inf
                                                                                                                                  • API String ID: 3646668279-3750412487
                                                                                                                                  • Opcode ID: 4427e3255ecc92c8100ec434291bc21fef5d6dba809db68249fe23adcd217003
                                                                                                                                  • Instruction ID: ae2aba4c40123f0012c02e6f319fa92d8b20aa7f5dd26d2daf00a75fe370df4d
                                                                                                                                  • Opcode Fuzzy Hash: 4427e3255ecc92c8100ec434291bc21fef5d6dba809db68249fe23adcd217003
                                                                                                                                  • Instruction Fuzzy Hash: AB51E271104380AEDB31DB649844FBBBBE5BF84784F0A881EF5C597191EB718D44CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,00ACC92D,00000066), ref: 00ACB6E5
                                                                                                                                  • SizeofResource.KERNEL32(00000000,?,?,?,00ACC92D,00000066), ref: 00ACB6FC
                                                                                                                                  • LoadResource.KERNEL32(00000000,?,?,?,00ACC92D,00000066), ref: 00ACB713
                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,?,00ACC92D,00000066), ref: 00ACB722
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00ACC92D,00000066), ref: 00ACB73D
                                                                                                                                  • GlobalLock.KERNEL32(00000000,?,?,?,?,?,00ACC92D,00000066), ref: 00ACB74E
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00ACB7D6
                                                                                                                                    • Part of subcall function 00ACB636: GdipAlloc.GDIPLUS(00000010), ref: 00ACB63C
                                                                                                                                  • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00ACB7B7
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00ACB7DD
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                                                  • String ID: PNG
                                                                                                                                  • API String ID: 541704414-364855578
                                                                                                                                  • Opcode ID: 2a9ff5b521601384c48f2595b406e2eb53a5264cae9d6100460e05f812110099
                                                                                                                                  • Instruction ID: 2a8504a42526de0bd3ae9182aaa11791018eb1e3ee135e621c9e36507ed2b7e2
                                                                                                                                  • Opcode Fuzzy Hash: 2a9ff5b521601384c48f2595b406e2eb53a5264cae9d6100460e05f812110099
                                                                                                                                  • Instruction Fuzzy Hash: 15315071601242AFD7119FA5EC89E2B7FACEF88751B06062DF915D6260EB32DC41CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00AD69A3,00AD69A3,?,?,?,00ADBD6C,00000001,00000001,62E85006), ref: 00ADBB75
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00ADBD6C,00000001,00000001,62E85006,?,?,?), ref: 00ADBBFB
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,62E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00ADBCF5
                                                                                                                                  • __freea.LIBCMT ref: 00ADBD02
                                                                                                                                    • Part of subcall function 00ADA7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00ADDBEC,00000000,?,00AD80B1,?,00000008,?,00ADA871,?,?,?), ref: 00ADA830
                                                                                                                                  • __freea.LIBCMT ref: 00ADBD0B
                                                                                                                                  • __freea.LIBCMT ref: 00ADBD30
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1414292761-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00020008,00ACBF14,?,?,?,?,00ACBF14,?), ref: 00ACC333
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,00ACBF14,?), ref: 00ACC33A
                                                                                                                                  • GetTokenInformation.KERNELBASE(00ACBF14,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,?,?,00ACBF14,?), ref: 00ACC354
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00ACBF14,?), ref: 00ACC35E
                                                                                                                                  • GetTokenInformation.KERNELBASE(00ACBF14,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,?,?,00ACBF14,?), ref: 00ACC382
                                                                                                                                  • CopySid.ADVAPI32(00000044,00ACBF14,00000000,?,?,?,?,?,00ACBF14,?), ref: 00ACC393
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$InformationProcess$CopyCurrentErrorLastOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3984476752-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00ACED97
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ACEDB1
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ACEDC2
                                                                                                                                  • TranslateMessage.USER32(?), ref: 00ACEDCC
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00ACEDD6
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00ACEDE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2148572870-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetTempPathW.KERNEL32(00000800,?), ref: 00ACDFE2
                                                                                                                                    • Part of subcall function 00ABCAA0: _wcslen.LIBCMT ref: 00ABCAA6
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACE016
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,00B02892), ref: 00ACE036
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00ACE143
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: %s%s%u
                                                                                                                                  • API String ID: 110358324-1360425832
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetClassNameW.USER32(?,?,00000050), ref: 00ACBBD7
                                                                                                                                  • SHAutoComplete.SHLWAPI(?,00000010), ref: 00ACBC0E
                                                                                                                                    • Part of subcall function 00AC3316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00ABD523,00000000,.exe,?,?,00000800,?,?,?,00AC9E5C), ref: 00AC332C
                                                                                                                                  • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00ACBBFE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                  • String ID: @Ut$EDIT
                                                                                                                                  • API String ID: 4243998846-2065656831
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AC1B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00AC1B56
                                                                                                                                    • Part of subcall function 00AC1B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00AC063A,Crypt32.dll,00000000,00AC06B4,00000200,?,00AC0697,00000000,00000000,?), ref: 00AC1B78
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00ACBD34
                                                                                                                                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00ACBD6B
                                                                                                                                  • SHGetMalloc.SHELL32(00AFA460), ref: 00ACBD75
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                  • String ID: riched20.dll$3So
                                                                                                                                  • API String ID: 3498096277-3464455743
                                                                                                                                  • Opcode ID: f676790a2e9e6f96e0a795b2a8078444fd93ad882b28286c6cf6c847fa66a7e8
                                                                                                                                  • Instruction ID: adb54abd650e4b64b13607d517579c7cad8091db17ef38cf01f8870be08c9f8b
                                                                                                                                  • Opcode Fuzzy Hash: f676790a2e9e6f96e0a795b2a8078444fd93ad882b28286c6cf6c847fa66a7e8
                                                                                                                                  • Instruction Fuzzy Hash: 3BF049B1D00209ABCB20AF99D949AEFFBFCEF84305F00841AE805A2200DBB456458BA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                   Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AC1B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00AC1B56
                                                                                                                                    • Part of subcall function 00AC1B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00AC063A,Crypt32.dll,00000000,00AC06B4,00000200,?,00AC0697,00000000,00000000,?), ref: 00AC1B78
                                                                                                                                  • GetProcAddress.KERNELBASE(00000000,CryptProtectMemory), ref: 00AC0646
                                                                                                                                  • GetProcAddress.KERNEL32(00AFA1F0,CryptUnprotectMemory), ref: 00AC0656
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                   • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                  • API String ID: 2141747552-1753850145
                                                                                                                                  • Opcode ID: 43e0a57403271df9fcfe156d5fd9031f5e60c77094777ea4396fb88657870af6
                                                                                                                                  • Instruction ID: 3c3476118d2a5061f06da627457b7c744a3a099df15c8fdb78b2657b86ce8d5c
                                                                                                                                  • Opcode Fuzzy Hash: 43e0a57403271df9fcfe156d5fd9031f5e60c77094777ea4396fb88657870af6
                                                                                                                                  • Instruction Fuzzy Hash: 44E086709047D1AED7209F7AA948F027FE8AF5C710F018C1DE2C5D3151D6F4D8418B10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                   Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00AB8243,?,00000005,?,00000011), ref: 00ABABBF
                                                                                                                                  • GetLastError.KERNEL32(?,?,00AB8243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00ABABCC
                                                                                                                                  • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00AB8243,?,00000005,?), ref: 00ABAC02
                                                                                                                                  • GetLastError.KERNEL32(?,?,00AB8243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00ABAC0A
                                                                                                                                  • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00AB8243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00ABAC59
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                   • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CreateErrorLast$Time
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1999340476-0
                                                                                                                                  • Opcode ID: e7a355f131bcd51a47ef576197b37e3f5c96c27fc29b24c4e7cd6b402756bf9d
                                                                                                                                  • Instruction ID: c25672eab2ca0dc87a38570e0fc428845777e59ca00d0e3158978b55959af193
                                                                                                                                  • Opcode Fuzzy Hash: e7a355f131bcd51a47ef576197b37e3f5c96c27fc29b24c4e7cd6b402756bf9d
                                                                                                                                  • Instruction Fuzzy Hash: 33313730544781AFE730DF64DD45BDABBEDBB16320F100B29F9A1861D2C3B5A849CB96
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                   Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ACC324: GetCurrentProcess.KERNEL32(00020008,00ACBF14,?,?,?,?,00ACBF14,?), ref: 00ACC333
                                                                                                                                    • Part of subcall function 00ACC324: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,00ACBF14,?), ref: 00ACC33A
                                                                                                                                    • Part of subcall function 00ACC324: GetTokenInformation.KERNELBASE(00ACBF14,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,?,?,00ACBF14,?), ref: 00ACC354
                                                                                                                                    • Part of subcall function 00ACC324: GetLastError.KERNEL32(?,?,?,?,00ACBF14,?), ref: 00ACC35E
                                                                                                                                    • Part of subcall function 00ACC324: GetTokenInformation.KERNELBASE(00ACBF14,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,?,?,00ACBF14,?), ref: 00ACC382
                                                                                                                                    • Part of subcall function 00ACC324: CopySid.ADVAPI32(00000044,00ACBF14,00000000,?,?,?,?,?,00ACBF14,?), ref: 00ACC393
                                                                                                                                  • SetEntriesInAclW.ADVAPI32(00000001,11060000,00000000,?,?,?,?), ref: 00ACBF56
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?), ref: 00ACBF65
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,?,?), ref: 00ACBF78
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,0000000C,?,?,?), ref: 00ACBF99
                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?), ref: 00ACBFA7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                   • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$DescriptorInformationProcessSecurity$CopyCreateCurrentDaclDirectoryEntriesErrorFreeInitializeLastLocalOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2740647886-0
                                                                                                                                  • Opcode ID: 601f494b42f7778c0213d9580126a9ed421a5c0fca9c293bda21a9f3aacecb0d
                                                                                                                                  • Instruction ID: 9d5c12240324896f6b7056ba9373abe1334afd5ff2c54e5dae38054519d2162e
                                                                                                                                  • Opcode Fuzzy Hash: 601f494b42f7778c0213d9580126a9ed421a5c0fca9c293bda21a9f3aacecb0d
                                                                                                                                  • Instruction Fuzzy Hash: 3321A3B5C00228EADF10CFA5DD49ADEBBBCAF48740F50805AE805E2210DB359A45DFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ACC769
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ACC77A
                                                                                                                                  • IsDialogMessageW.USER32(00020440,?), ref: 00ACC78E
                                                                                                                                  • TranslateMessage.USER32(?), ref: 00ACC79C
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00ACC7A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                   • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1266772231-0
                                                                                                                                  • Opcode ID: 46a51d5786c258d304645bb8bb3e2cb7582cb916daeb5ed103a630a8e7a5d8eb
                                                                                                                                  • Instruction ID: f1db5ed9e3429a2fcd903c0cf436caa38cd9db6869c72ed58697bb1498a23daa
                                                                                                                                  • Opcode Fuzzy Hash: 46a51d5786c258d304645bb8bb3e2cb7582cb916daeb5ed103a630a8e7a5d8eb
                                                                                                                                  • Instruction Fuzzy Hash: 70F0BD71D01519ABCB209BE1DC4CEDB7FACEE497A17418425B50AD3010EB64D505CBF0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,?,00AD4D53,00000000,?,00B140C4,?,?,?,00AD4EF6,00000004,InitializeCriticalSectionEx,00AE7424,InitializeCriticalSectionEx), ref: 00AD4DAF
                                                                                                                                  • GetLastError.KERNEL32(?,00AD4D53,00000000,?,00B140C4,?,?,?,00AD4EF6,00000004,InitializeCriticalSectionEx,00AE7424,InitializeCriticalSectionEx,00000000,?,00AD4CAD), ref: 00AD4DB9
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00AD4DE1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                   • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                   • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                  • String ID: api-ms-
                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 00ABA9F5
                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00ABAA0D
                                                                                                                                  • GetLastError.KERNEL32 ref: 00ABAA3F
                                                                                                                                  • GetLastError.KERNEL32 ref: 00ABAA5E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2244327787-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00ABEA30,00000000,00000000,?,00ADBE9B,00ABEA30,00000000,00000000,00000000,?,00ADC098,00000006,FlsSetValue), ref: 00ADBF26
                                                                                                                                  • GetLastError.KERNEL32(?,00ADBE9B,00ABEA30,00000000,00000000,00000000,?,00ADC098,00000006,FlsSetValue,00AE8A00,FlsSetValue,00000000,00000364,?,00ADA5E7), ref: 00ADBF32
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00ADBE9B,00ABEA30,00000000,00000000,00000000,?,00ADC098,00000006,FlsSetValue,00AE8A00,FlsSetValue,00000000), ref: 00ADBF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AC0627: GetProcAddress.KERNELBASE(00000000,CryptProtectMemory), ref: 00AC0646
                                                                                                                                    • Part of subcall function 00AC0627: GetProcAddress.KERNEL32(00AFA1F0,CryptUnprotectMemory), ref: 00AC0656
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000200,?,00AC0697), ref: 00AC072A
                                                                                                                                  Strings
                                                                                                                                  • CryptUnprotectMemory failed, xrefs: 00AC0722
                                                                                                                                  • CryptProtectMemory failed, xrefs: 00AC06E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$CurrentProcess
                                                                                                                                  • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                                  • API String ID: 2190909847-396321323
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00ABE79B,00000001,?,?,?,00000000,00AC66C2,?,?,?), ref: 00ABB22E
                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00AC66C2,?,?,?,?,?,00AC6184,?), ref: 00ABB275
                                                                                                                                  • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00ABE79B,00000001,?,?), ref: 00ABB2A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite$Handle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4209713984-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ABD68B: _wcslen.LIBCMT ref: 00ABD691
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB569
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB59C
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB5B9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2260680371-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00ADCA78
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Info
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1807457897-3916222277
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,62E85006,00000001,?,?), ref: 00ADC19D
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String
                                                                                                                                  • String ID: LCMapStringEx
                                                                                                                                  • API String ID: 2568140703-3893581201
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00ADB72F), ref: 00ADC115
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                  • String ID: InitializeCriticalSectionEx
                                                                                                                                  • API String ID: 2593887523-3084827643
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Alloc
                                                                                                                                  • String ID: FlsAlloc
                                                                                                                                  • API String ID: 2773662609-671089009
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACFD6A
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID: 3So
                                                                                                                                  • API String ID: 1269201914-1105799393
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ADC97B: GetOEMCP.KERNEL32(00000000,?,?,00ADCC04,?), ref: 00ADC9A6
                                                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00ADCC49,?,00000000), ref: 00ADCE24
                                                                                                                                  • GetCPInfo.KERNEL32(00000000,00ADCC49,?,?,?,00ADCC49,?,00000000), ref: 00ADCE37
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 546120528-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,?,?,?,-000018C0,00000000,00000800,?,00ABACB0,?,?,00000000,?,?,00AB9C8B,?), ref: 00ABAE3A
                                                                                                                                  • GetLastError.KERNEL32(?,?,00AB9C8B,?,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000), ref: 00ABAE49
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ADA515: GetLastError.KERNEL32(?,00AF3070,00AD5982,00AF3070,?,?,00AD5281,00000050,?,00AF3070,00000200), ref: 00ADA519
                                                                                                                                    • Part of subcall function 00ADA515: _free.LIBCMT ref: 00ADA54C
                                                                                                                                    • Part of subcall function 00ADA515: SetLastError.KERNEL32(00000000,?,00AF3070,00000200), ref: 00ADA58D
                                                                                                                                    • Part of subcall function 00ADA515: _abort.LIBCMT ref: 00ADA593
                                                                                                                                    • Part of subcall function 00ADCD0E: _abort.LIBCMT ref: 00ADCD40
                                                                                                                                    • Part of subcall function 00ADCD0E: _free.LIBCMT ref: 00ADCD74
                                                                                                                                    • Part of subcall function 00ADC97B: GetOEMCP.KERNEL32(00000000,?,?,00ADCC04,?), ref: 00ADC9A6
                                                                                                                                  • _free.LIBCMT ref: 00ADCC5F
                                                                                                                                  • _free.LIBCMT ref: 00ADCC95
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2991157371-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00AB7ED0,?,?,?,00000000), ref: 00ABB04C
                                                                                                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 00ABB100
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1392018926-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00ABB1B7,?,?,00AB81FD), ref: 00ABA946
                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00ABB1B7,?,?,00AB81FD), ref: 00ABA976
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB1F35
                                                                                                                                    • Part of subcall function 00AB42F1: __EH_prolog.LIBCMT ref: 00AB42F6
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB1FDA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2838827086-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00B140C4,?,?,?,00AD4EF6,00000004,InitializeCriticalSectionEx,00AE7424,InitializeCriticalSectionEx,00000000,?,00AD4CAD,00B140C4,00000FA0), ref: 00AD4D85
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00AD4D8F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3013587201-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00ABB157
                                                                                                                                  • GetLastError.KERNEL32 ref: 00ABB164
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ABD6A7: _wcslen.LIBCMT ref: 00ABD6AF
                                                                                                                                    • Part of subcall function 00AC3338: _wcslen.LIBCMT ref: 00AC3340
                                                                                                                                    • Part of subcall function 00AC3338: _wcslen.LIBCMT ref: 00AC3351
                                                                                                                                    • Part of subcall function 00AC3338: _wcslen.LIBCMT ref: 00AC3361
                                                                                                                                    • Part of subcall function 00AC3338: _wcslen.LIBCMT ref: 00AC336F
                                                                                                                                    • Part of subcall function 00AC3338: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00ABC844,?,?,00000000,?,?,?), ref: 00AC338A
                                                                                                                                    • Part of subcall function 00ACBC19: SetCurrentDirectoryW.KERNELBASE(?,00ACBFF6,00B01890,00000000,00B02892,00000006), ref: 00ACBC1D
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACC00F
                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,?,?,00B02892,00000006), ref: 00ACC048
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CompareCurrentDirectoryFileOperationString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1016385243-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00ADA6C5
                                                                                                                                    • Part of subcall function 00ADA7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00ADDBEC,00000000,?,00AD80B1,?,00000008,?,00ADA871,?,?,?), ref: 00ADA830
                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00AF30C4,00AB187A,?,?,00000007,?,?,?,00AB13F2,?,00000000), ref: 00ADA701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$AllocAllocate_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2447670028-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 00AC23CA
                                                                                                                                  • GetProcessAffinityMask.KERNEL32(00000000), ref: 00AC23D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1231390398-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadStringW.USER32(?,?,00000200,?), ref: 00ABF998
                                                                                                                                  • LoadStringW.USER32(?,?,00000200), ref: 00ABF9AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LoadString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2948472770-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB8FA
                                                                                                                                    • Part of subcall function 00ABCF32: _wcslen.LIBCMT ref: 00ABCF56
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB92B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2673547680-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNELBASE(?,00000000,?,00ABA438,?,?,?,?,00AB892B,?,?,?,00AE380F,000000FF), ref: 00ABB481
                                                                                                                                    • Part of subcall function 00ABCF32: _wcslen.LIBCMT ref: 00ABCF56
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000800,?,00ABA438,?,?,?,?,00AB892B,?,?,?,00AE380F,000000FF), ref: 00ABB4AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DeleteFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2643169976-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GdiplusShutdown.GDIPLUS(?,?,?,?,00AE380F,000000FF), ref: 00ACBDB5
                                                                                                                                  • OleUninitialize.OLE32(?,?,?,?,00AE380F,000000FF), ref: 00ACBDBA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GdiplusShutdownUninitialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3856339756-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACF02C
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • SetDlgItemTextW.USER32(00000065,?), ref: 00ACF043
                                                                                                                                    • Part of subcall function 00ACC758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ACC769
                                                                                                                                    • Part of subcall function 00ACC758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ACC77A
                                                                                                                                    • Part of subcall function 00ACC758: IsDialogMessageW.USER32(00020440,?), ref: 00ACC78E
                                                                                                                                    • Part of subcall function 00ACC758: TranslateMessage.USER32(?), ref: 00ACC79C
                                                                                                                                    • Part of subcall function 00ACC758: DispatchMessageW.USER32(?), ref: 00ACC7A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2718869927-0
                                                                                                                                  • Opcode ID: 65ce79d13fc91e05ba2022fea99a5ec27fe6a7f9d0e5eddd557a89e86e4047c5
                                                                                                                                  • Instruction ID: c4e5f3fb285ede5e18125303157a8f4512b77745ee29a5573b5a0d6bb37d9297
                                                                                                                                  • Opcode Fuzzy Hash: 65ce79d13fc91e05ba2022fea99a5ec27fe6a7f9d0e5eddd557a89e86e4047c5
                                                                                                                                  • Instruction Fuzzy Hash: 1BE0617140424C3ADF01EBA0DC0AFEA366CAB043CAF040055B204E70A3D6B4C511CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00ABB4CA,?,00AB8042,?), ref: 00ABB4E4
                                                                                                                                    • Part of subcall function 00ABCF32: _wcslen.LIBCMT ref: 00ABCF56
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,?,00ABB4CA,?,00AB8042,?), ref: 00ABB510
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2673547680-0
                                                                                                                                  • Opcode ID: 0622640cf2cc5211941dfa553be2972ca9f9c4ff405ebfbe4e47aee583b5240e
                                                                                                                                  • Instruction ID: e60a1906b9cee9197fbf31b7b76800a0538d33a03548a5bb966d010c98cbbc61
                                                                                                                                  • Opcode Fuzzy Hash: 0622640cf2cc5211941dfa553be2972ca9f9c4ff405ebfbe4e47aee583b5240e
                                                                                                                                  • Instruction Fuzzy Hash: 8BE092315002686BDB20EB64DC04BD9775CAB493E2F0002B0FE46E71A6D7709E419BE0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00AC1B56
                                                                                                                                  • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00AC063A,Crypt32.dll,00000000,00AC06B4,00000200,?,00AC0697,00000000,00000000,?), ref: 00AC1B78
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1175261203-0
                                                                                                                                  • Opcode ID: ce2d2e30eba330975c5086605bfd5178832671bb050a18a662388ce42764fb9b
                                                                                                                                  • Instruction ID: 731cb790c1dce004b5bb3c88c2ae375b1cd915720325bd9300897b294d42de2c
                                                                                                                                  • Opcode Fuzzy Hash: ce2d2e30eba330975c5086605bfd5178832671bb050a18a662388ce42764fb9b
                                                                                                                                  • Instruction Fuzzy Hash: 79E048769002586ADB11DBE4DD44FDA77ACEF0D3C1F0400757645D6005EA74DA84DBF0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00ACB3E9
                                                                                                                                  • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00ACB3F0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BitmapCreateFromGdipStream
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1918208029-0
                                                                                                                                  • Opcode ID: f4402cc763a22b076fe3f19566068f4f9c27b4be2fcd10acc85b1730345d0092
                                                                                                                                  • Instruction ID: 2dc2114e531650e12ed305185648ddcb36642e42d74e60d7fa26c5ad95156216
                                                                                                                                  • Opcode Fuzzy Hash: f4402cc763a22b076fe3f19566068f4f9c27b4be2fcd10acc85b1730345d0092
                                                                                                                                  • Instruction Fuzzy Hash: FCE0ED71910618EFCB10DF99C541B99B7F8EB04354F21806EE89697700E774AE449BA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AD3D3A
                                                                                                                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00AD3D45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1660781231-0
                                                                                                                                  • Opcode ID: 8f53b4e45c43bf960d5eee58b54db8215d6639ac2f5e9322241669490494cc87
                                                                                                                                  • Instruction ID: e859f26dd99794bdcf403922554a4f6f9bc636a7baee4f78d5ea1ceae1076b5a
                                                                                                                                  • Opcode Fuzzy Hash: 8f53b4e45c43bf960d5eee58b54db8215d6639ac2f5e9322241669490494cc87
                                                                                                                                  • Instruction Fuzzy Hash: 01D02337404701358C0433B46D0349933566812B707E01ED7E0F39A3D1DF2487059C13
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemShowWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3351165006-0
                                                                                                                                  • Opcode ID: 388fa7edb480ef496ba5890c61a4be17f7b4382f6bfaf80888bf71d02a69f688
                                                                                                                                  • Instruction ID: a571343a84b5be77f4ed09b2f13714f964b4310a89f26e273976b7ac1c1e5cd8
                                                                                                                                  • Opcode Fuzzy Hash: 388fa7edb480ef496ba5890c61a4be17f7b4382f6bfaf80888bf71d02a69f688
                                                                                                                                  • Instruction Fuzzy Hash: DEC01232058500FECB120B70DC09D6A7BA8ABD4211F50C904F1A5D2060C639C020DB11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00AB12C1
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00AB12C8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallbackDispatcherItemUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4250310104-0
                                                                                                                                  • Opcode ID: a520084e29edba741ff00a6bd10618ca8f4c8be939bbf8b96daf9f1b21e5468a
                                                                                                                                  • Instruction ID: c53b445fb9d6e07ade30e974c1e9ae99a150faab0d12ba91e386ca2de1e5a6e2
                                                                                                                                  • Opcode Fuzzy Hash: a520084e29edba741ff00a6bd10618ca8f4c8be939bbf8b96daf9f1b21e5468a
                                                                                                                                  • Instruction Fuzzy Hash: D5C04C76408640FFCB125BB49D0CD6FBFBDABD4311F90C909B2A592020CA358420DF11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: cc1d749bd8980f92e41bc23824c4ef7ac2a8c5e12ecf3adba37d0141373f73d7
                                                                                                                                  • Instruction ID: f9daeaf9c1581a07b228f237c9c820c6ed2091b74ee062d65fe3042abb2d2acb
                                                                                                                                  • Opcode Fuzzy Hash: cc1d749bd8980f92e41bc23824c4ef7ac2a8c5e12ecf3adba37d0141373f73d7
                                                                                                                                  • Instruction Fuzzy Hash: 69C18271A002549FDF25CF2889E47ED7BA9AF4A310F9801BAEC059F297C735DA44CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _strlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4218353326-0
                                                                                                                                  • Opcode ID: 941bfae615688ee32bbd6900b3b070fa22ea946234ba2437a9a814970aadf6c0
                                                                                                                                  • Instruction ID: 37537236ff7fce098d20b4500b72585225ea945a76f07ec7212edc884ebc93b0
                                                                                                                                  • Opcode Fuzzy Hash: 941bfae615688ee32bbd6900b3b070fa22ea946234ba2437a9a814970aadf6c0
                                                                                                                                  • Instruction Fuzzy Hash: 1A518472504308ABD721ABA0DD41FEFB7EDFB88304F04492EF689D3142EA35E5548BA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: 21da7502e29dea14a9fa11e706c4fd17158e786b94afb1cf466d03fba0f91cea
                                                                                                                                  • Instruction ID: 122c464369d9e8b70a746335c7e085a595550b4a597f996e3a0861905d9091b4
                                                                                                                                  • Opcode Fuzzy Hash: 21da7502e29dea14a9fa11e706c4fd17158e786b94afb1cf466d03fba0f91cea
                                                                                                                                  • Instruction Fuzzy Hash: D77190B2504B859FCB35EB74C951AE7B7ECBF19300F04092EA2AB46183DB71BA44CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB90A7
                                                                                                                                    • Part of subcall function 00AB13F8: __EH_prolog.LIBCMT ref: 00AB13FD
                                                                                                                                    • Part of subcall function 00AB2032: __EH_prolog.LIBCMT ref: 00AB2037
                                                                                                                                    • Part of subcall function 00ABB966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00ABB991
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$CloseFind
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2506663941-0
                                                                                                                                  • Opcode ID: 7cc7fe75920482f8bc4f2aff54df26365b3c62ceacf51cd077703e15b7668593
                                                                                                                                  • Instruction ID: bd7471230ef912acd7ccac2db7068a462996fd8b98d8da7bb7f4191ce05ce9a9
                                                                                                                                  • Opcode Fuzzy Hash: 7cc7fe75920482f8bc4f2aff54df26365b3c62ceacf51cd077703e15b7668593
                                                                                                                                  • Instruction Fuzzy Hash: 92419371D042546EDB24EB64C9A5AEA77BDAF10340F4405EAF28A67083DBB55F88DF10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB13FD
                                                                                                                                    • Part of subcall function 00AB6891: __EH_prolog.LIBCMT ref: 00AB6896
                                                                                                                                    • Part of subcall function 00ABE298: __EH_prolog.LIBCMT ref: 00ABE29D
                                                                                                                                    • Part of subcall function 00AB644D: __EH_prolog.LIBCMT ref: 00AB6452
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: 828495c2739783b9eac7070beebab2b4549cad091f7c4931aaea1a9e37989359
                                                                                                                                  • Instruction ID: f0f756fd029d0537906a9c0ee90acbc50943e7e85ea10a994baee3c433161fb4
                                                                                                                                  • Opcode Fuzzy Hash: 828495c2739783b9eac7070beebab2b4549cad091f7c4931aaea1a9e37989359
                                                                                                                                  • Instruction Fuzzy Hash: 495143B1A063808ECB14DF6995C02D9BBE9AF59300F0802BEEC5DCF68BD7750214CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB13FD
                                                                                                                                    • Part of subcall function 00AB6891: __EH_prolog.LIBCMT ref: 00AB6896
                                                                                                                                    • Part of subcall function 00ABE298: __EH_prolog.LIBCMT ref: 00ABE29D
                                                                                                                                    • Part of subcall function 00AB644D: __EH_prolog.LIBCMT ref: 00AB6452
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: 0ea08b89137dea78e1a7c18d5859d1a426729ead254808b5ce51ed5cae0b0bbb
                                                                                                                                  • Instruction ID: f27d84196f3a12e53b16532b38fc517653396a0bd445c2ef3f7a86a761d0449b
                                                                                                                                  • Opcode Fuzzy Hash: 0ea08b89137dea78e1a7c18d5859d1a426729ead254808b5ce51ed5cae0b0bbb
                                                                                                                                  • Instruction Fuzzy Hash: 2F5133B19063808ECB14DF6995C02D9BBE5AF59300F1802BEEC5DCF68BD7751214CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00ACC21C
                                                                                                                                    • Part of subcall function 00AB13F8: __EH_prolog.LIBCMT ref: 00AB13FD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: d6d317d7fe8aa58030462afde2517e879babf6c5858a4d4cb1694b83b6a75737
                                                                                                                                  • Instruction ID: 6144cbc8e85b70b6a88f3d617e77b89a315ec5fed41b017bf44110992861daaa
                                                                                                                                  • Opcode Fuzzy Hash: d6d317d7fe8aa58030462afde2517e879babf6c5858a4d4cb1694b83b6a75737
                                                                                                                                  • Instruction Fuzzy Hash: 14218171C04219AFDF15EF94C951AEEB7B4FF44314F1000AEE80AB7242E7756A45DB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00AE4ADC), ref: 00ADBEB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190572456-0
                                                                                                                                  • Opcode ID: 4cb77d6c93369e70a8e887c4cbbef10e4d744f3fddcdb7964996f2ec93c64967
                                                                                                                                  • Instruction ID: fb63bf7dcc8c2652048612865162338dfd1b39f81b04de491b45902e8c299ea1
                                                                                                                                  • Opcode Fuzzy Hash: 4cb77d6c93369e70a8e887c4cbbef10e4d744f3fddcdb7964996f2ec93c64967
                                                                                                                                  • Instruction Fuzzy Hash: 7911A337A10525DF9B21DFA9EC408EBB3A59B857207174262EE16AB354DF30EC42C7E0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: 1b69a7808adbbd7e19f4aa3d1a0b72ac88fad4b2a8b7dd266cb0a8d98e2d3c52
                                                                                                                                  • Instruction ID: cfc31f36bf0b680fe3595e1a1688bdeca85867afc3393b191d20f6c979dc1b9a
                                                                                                                                  • Opcode Fuzzy Hash: 1b69a7808adbbd7e19f4aa3d1a0b72ac88fad4b2a8b7dd266cb0a8d98e2d3c52
                                                                                                                                  • Instruction Fuzzy Hash: 4C110233D005299BCB21EF68C995AFEB3BCAF84700F01412AF816B7203DB748C008B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00ACEBA7
                                                                                                                                    • Part of subcall function 00AC1983: _wcslen.LIBCMT ref: 00AC1999
                                                                                                                                    • Part of subcall function 00AB8823: __EH_prolog.LIBCMT ref: 00AB8828
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2838827086-0
                                                                                                                                  • Opcode ID: aa07b230b5fe2fc06b90f0c981351a13cd666c0af3e9866a8f9ccdf05fb0072e
                                                                                                                                  • Instruction ID: f7e67dfc60a813f1d31dff104fd5df21735f85e2da2afd8de2880abbbe0ad787
                                                                                                                                  • Opcode Fuzzy Hash: aa07b230b5fe2fc06b90f0c981351a13cd666c0af3e9866a8f9ccdf05fb0072e
                                                                                                                                  • Instruction Fuzzy Hash: 86110A72605290AED705EBA8AD06BDD7FE8EB35360F00809EF149532E3DFB41640CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ADC2F6: RtlAllocateHeap.NTDLL(00000008,00AE4ADC,00000000,?,00ADA5CA,00000001,00000364,?,?,?,00ABECA4,?,?,?,00000004,00ABEA30), ref: 00ADC337
                                                                                                                                  • _free.LIBCMT ref: 00ADD6A5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 614378929-0
                                                                                                                                  • Opcode ID: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
                                                                                                                                  • Instruction ID: 498bc829a5a0cd8a2d238a732d1720c1c32ba24b77a9757683ddbc901d261f73
                                                                                                                                  • Opcode Fuzzy Hash: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
                                                                                                                                  • Instruction Fuzzy Hash: B201F973200345ABE3219F69DC41D5AFBEDFB95370F25061EE59A97380EA30A905C778
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB472C
                                                                                                                                    • Part of subcall function 00AB6891: __EH_prolog.LIBCMT ref: 00AB6896
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: d808eebd40ab553712aa85f23830a252d2bfba6dc821368ae9a4b12763dd4e6b
                                                                                                                                  • Instruction ID: 4514777abc9e8edd78932436845601e6ba4b59d1619f99dd78bb3a723f695a37
                                                                                                                                  • Opcode Fuzzy Hash: d808eebd40ab553712aa85f23830a252d2bfba6dc821368ae9a4b12763dd4e6b
                                                                                                                                  • Instruction Fuzzy Hash: 9E018F72900709AEDB20DF64C902F9B77F9EF88710F00882AF59697282EB70E551DB20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,00AE4ADC,00000000,?,00ADA5CA,00000001,00000364,?,?,?,00ABECA4,?,?,?,00000004,00ABEA30), ref: 00ADC337
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 21b081664de6386374b8919bcd538c300025c616e2a00600a2f401439a13ae65
                                                                                                                                  • Instruction ID: 9a972df65cd96523d5355df3311cb696ccc230feebec8a93786aa1becda9a2a8
                                                                                                                                  • Opcode Fuzzy Hash: 21b081664de6386374b8919bcd538c300025c616e2a00600a2f401439a13ae65
                                                                                                                                  • Instruction Fuzzy Hash: D8F0B431604126A6DB215F269D05A5AF758AF41771B94C013F817DF390DA20D900D6E1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00ADDBEC,00000000,?,00AD80B1,?,00000008,?,00ADA871,?,?,?), ref: 00ADA830
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00ABA83D,?,?,?,?,?,00AE380F,000000FF), ref: 00ABA89B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ChangeCloseFindNotification
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2591292051-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ABBA94: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBABD
                                                                                                                                    • Part of subcall function 00ABBA94: FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBAEB
                                                                                                                                    • Part of subcall function 00ABBA94: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00ABB98B,000000FF,?,?), ref: 00ABBAF7
                                                                                                                                  • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00ABB991
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1464966427-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 176396367-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetThreadExecutionState.KERNEL32(00000001), ref: 00AC215D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExecutionStateThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2211380416-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GdipAlloc.GDIPLUS(00000010), ref: 00ACB63C
                                                                                                                                    • Part of subcall function 00ACB3C8: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00ACB3E9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1915507550-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • DloadProtectSection.DELAYIMP ref: 00ACF76F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DloadProtectSection
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2203082970-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00AC2E88), ref: 00ACEEE2
                                                                                                                                    • Part of subcall function 00ACC758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00ACC769
                                                                                                                                    • Part of subcall function 00ACC758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ACC77A
                                                                                                                                    • Part of subcall function 00ACC758: IsDialogMessageW.USER32(00020440,?), ref: 00ACC78E
                                                                                                                                    • Part of subcall function 00ACC758: TranslateMessage.USER32(?), ref: 00ACC79C
                                                                                                                                    • Part of subcall function 00ACC758: DispatchMessageW.USER32(?), ref: 00ACC7A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 897784432-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetFileType.KERNELBASE(000000FF,00ABAA1E), ref: 00ABAB28
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileType
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3081899298-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 5237dad5d6f106270c05cfe5559630c75f9811756e7309acde8fbd2c7df70762
                                                                                                                                  • Instruction ID: 66b2e6cc945d4804ba2ae682bffe74bd7f29c2d3469e00a1f98b151d2bc26e6d
                                                                                                                                  • Opcode Fuzzy Hash: 5237dad5d6f106270c05cfe5559630c75f9811756e7309acde8fbd2c7df70762
                                                                                                                                  • Instruction Fuzzy Hash: 2AB012A2278582BD3694A1192D03F36026DC0C1B10331893EF810C4280D4500C8A1031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 02c07c2983a89b73d5c999928df49c39be65e1aac9d8e1363d945f02af6e3fa0
                                                                                                                                  • Instruction ID: 0ac923fc0a78e546a7303e3a01532921768e20b9e4b8c2005ad69d42f633a806
                                                                                                                                  • Opcode Fuzzy Hash: 02c07c2983a89b73d5c999928df49c39be65e1aac9d8e1363d945f02af6e3fa0
                                                                                                                                  • Instruction Fuzzy Hash: 76B012A2278442BD3654A5196D03F3A026DC0C2B10331C93EF810C4280D4500C4A1031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 5e9cf6642705a16056bb8a4d5698225279ff33370939e8accdd67fd1df722d33
                                                                                                                                  • Instruction ID: 8c673d983e1cd26358ff22cbd78b813c90adc7f59d75aca6d2e7a8c4702817ce
                                                                                                                                  • Opcode Fuzzy Hash: 5e9cf6642705a16056bb8a4d5698225279ff33370939e8accdd67fd1df722d33
                                                                                                                                  • Instruction Fuzzy Hash: 2AB012A23B8442BD3654A1192E03F36026DC0C1B10331883EF410C8280D4A10C4F1031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: c048053bcdfb94b8352f76a09d24fcf783cfffe8dd233058f348b07c1605c3cb
                                                                                                                                  • Instruction ID: 078acd3aea1df87657543da44377ad66cde33018c05657342217b58d83715de9
                                                                                                                                  • Opcode Fuzzy Hash: c048053bcdfb94b8352f76a09d24fcf783cfffe8dd233058f348b07c1605c3cb
                                                                                                                                  • Instruction Fuzzy Hash: 7CB012B2268442BD3654A11A2D03F36026DD0C0B10371583EF410C8180D4401C461031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 29c534b3c496028aff0cea40449d5b0b78b729fab80b90d7e2e96e205ecd544b
                                                                                                                                  • Instruction ID: ab19c64470744cfdfd3dbe423b1fd54cfb9ade40b4190c2f1465df12c1eef961
                                                                                                                                  • Opcode Fuzzy Hash: 29c534b3c496028aff0cea40449d5b0b78b729fab80b90d7e2e96e205ecd544b
                                                                                                                                  • Instruction Fuzzy Hash: 75B012B226A542BD36D4A2192D13F36026EC0C0B20331493EF810C4180D4400C861031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: eb4765fd10f1831662bdfd7429d423f4685626af3cd0b108243c4aad186a4619
                                                                                                                                  • Instruction ID: 0e91843059851d1dbd084a7c255acbfa4fc7d8a03d30ee8a8751d2e00128a364
                                                                                                                                  • Opcode Fuzzy Hash: eb4765fd10f1831662bdfd7429d423f4685626af3cd0b108243c4aad186a4619
                                                                                                                                  • Instruction Fuzzy Hash: CAB012A2268443BE362465152D07FB6022DD0C0B10371483EF410D4080E4500C461031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 9b4d17d6129b5dabe1263f668d9ac10dc5a4e3b25cb43c8691cfc379581565d6
                                                                                                                                  • Instruction ID: 328cf9d8a917fb221e0c7df5e37eabab14054b5bee06896976c0f79f3ea76dc7
                                                                                                                                  • Opcode Fuzzy Hash: 9b4d17d6129b5dabe1263f668d9ac10dc5a4e3b25cb43c8691cfc379581565d6
                                                                                                                                  • Instruction Fuzzy Hash: 62B012E23E8600BF371452553D07F76019DC4C8B10331853EF000C1040D8404C840031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: b247e85c57401d9ab84394d9ee17fc5dea4f019eaaea6be69b3cfe7d15c71cbd
                                                                                                                                  • Instruction ID: dd09e563812ba8c08eac545cf4083630f81b36651495e2a66407a7a85f8514af
                                                                                                                                  • Opcode Fuzzy Hash: b247e85c57401d9ab84394d9ee17fc5dea4f019eaaea6be69b3cfe7d15c71cbd
                                                                                                                                  • Instruction Fuzzy Hash: E8B012A2278440BD321451652E07F36019DD0C8B14332843FF004D5088D4420C451131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 6c39e7b2f00ec3f9db328fc0549d2d1150ed5bf320d86cccb3906fae31b5ee4b
                                                                                                                                  • Instruction ID: 6117e6f96b9c068cf5827547bf53bbd44090afee19631bea6cc0e6f86fd988e2
                                                                                                                                  • Opcode Fuzzy Hash: 6c39e7b2f00ec3f9db328fc0549d2d1150ed5bf320d86cccb3906fae31b5ee4b
                                                                                                                                  • Instruction Fuzzy Hash: E2B012A2278540FD331451652D07F36019DC4C8B14331453FF004D1188D4420C881131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: dc43c95a4848527094ff280f23f09af5a9d5c95a82cbeca585b9557d5ea8909f
                                                                                                                                  • Instruction ID: c26d4b793952d86485c6ab7b36afa0a46cc391a8ff1fdeafeb1c2601386c89f2
                                                                                                                                  • Opcode Fuzzy Hash: dc43c95a4848527094ff280f23f09af5a9d5c95a82cbeca585b9557d5ea8909f
                                                                                                                                  • Instruction Fuzzy Hash: ECB012A6279440BD32141151BE07E36015DC8C4B14332843FF000E408194520C411131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 5eed2d071d7a25ebf36a5795a66d2423f0815a08d2337fbab8ef516a86c45d4d
                                                                                                                                  • Instruction ID: bdd574fc0a24278c5ea0c0b92524876847ba963555491230447a27eed5a7833e
                                                                                                                                  • Opcode Fuzzy Hash: 5eed2d071d7a25ebf36a5795a66d2423f0815a08d2337fbab8ef516a86c45d4d
                                                                                                                                  • Instruction Fuzzy Hash: BAB012A2278440BD321491652D17F36019DD0C8B14371443FF014D1088D4410C441131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: d7d0635a626310a7e2914bafda0564fa9e548ce515a13c066b2585ebda0fb596
                                                                                                                                  • Instruction ID: 63119b5cca7a6a8579531de01fb003be569b92996f20f5f872ec1b8d7fcf1440
                                                                                                                                  • Opcode Fuzzy Hash: d7d0635a626310a7e2914bafda0564fa9e548ce515a13c066b2585ebda0fb596
                                                                                                                                  • Instruction Fuzzy Hash: 78B012A2278440FD321451556D07F7A01ADD0C8B14331843FF400D6084D4410C441131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF70C
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF70C
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF70C
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 40e98c527ec28aec6c42e0c6182bf1c57843809d3f4692d1e39e944c8d23293c
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: 40e98c527ec28aec6c42e0c6182bf1c57843809d3f4692d1e39e944c8d23293c
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 08bd3187c2e7ff290be9baa134c3436c6868400f1a757c98523ca3719b9fcd27
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: 08bd3187c2e7ff290be9baa134c3436c6868400f1a757c98523ca3719b9fcd27
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: d71b9068dd8259b083ae7286220689d992226a8383c2c457464b590e028c822f
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: d71b9068dd8259b083ae7286220689d992226a8383c2c457464b590e028c822f
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 5171ba71c4e1305cf4fb95372056c1cd338f6b499389b02c8f95418a993de848
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: 5171ba71c4e1305cf4fb95372056c1cd338f6b499389b02c8f95418a993de848
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 7343d221a96264ea6e7cc65542426073833f2fb643ea10692bca482a8693bc68
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: 7343d221a96264ea6e7cc65542426073833f2fb643ea10692bca482a8693bc68
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: a4be7a2fd750d1ef2a41394422c5000756cf78665252d40fb4b8f277e32e70a7
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: a4be7a2fd750d1ef2a41394422c5000756cf78665252d40fb4b8f277e32e70a7
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF33D
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: d09eb84ecfd85f1a5d370f8747232261f73714f861d21abde348274bb0c8a246
                                                                                                                                  • Instruction ID: 2f264bf2efae8c47965830b5c03e36deeff7e21a53ece5d7a73ad626402d7456
                                                                                                                                  • Opcode Fuzzy Hash: d09eb84ecfd85f1a5d370f8747232261f73714f861d21abde348274bb0c8a246
                                                                                                                                  • Instruction Fuzzy Hash: 1BA001A62A9583BD3A58A6666E17E3A022ED4C4B613329D2EF82288185A8911C4A6431
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 331d0b43a9bc3b50b1af253a0d10d5b06ea18e7441d40ce3de0300869f1f5ff6
                                                                                                                                  • Instruction ID: 48f29c705cc0bc3b31b56cc1c1c174d36c64ab24aaa90c53bb1f3925240f1027
                                                                                                                                  • Opcode Fuzzy Hash: 331d0b43a9bc3b50b1af253a0d10d5b06ea18e7441d40ce3de0300869f1f5ff6
                                                                                                                                  • Instruction Fuzzy Hash: C7A011E22E8002BE320822223E03E3A022EC0C8BA0332882EF002C0080A8800C000030
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 7e3e569d15ba8809b082790842b0838d3faec1486354d98be1715038e6c06f99
                                                                                                                                  • Instruction ID: 48f29c705cc0bc3b31b56cc1c1c174d36c64ab24aaa90c53bb1f3925240f1027
                                                                                                                                  • Opcode Fuzzy Hash: 7e3e569d15ba8809b082790842b0838d3faec1486354d98be1715038e6c06f99
                                                                                                                                  • Instruction Fuzzy Hash: C7A011E22E8002BE320822223E03E3A022EC0C8BA0332882EF002C0080A8800C000030
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 3ecf2a8cc494fc2a1e0d2183083d3c3c4012db0562b112255d17749ce5d02baf
                                                                                                                                  • Instruction ID: 48f29c705cc0bc3b31b56cc1c1c174d36c64ab24aaa90c53bb1f3925240f1027
                                                                                                                                  • Opcode Fuzzy Hash: 3ecf2a8cc494fc2a1e0d2183083d3c3c4012db0562b112255d17749ce5d02baf
                                                                                                                                  • Instruction Fuzzy Hash: C7A011E22E8002BE320822223E03E3A022EC0C8BA0332882EF002C0080A8800C000030
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 8db8b98fec21b6e50c5a4b4205932c71f88567a75d06d70a3ca87891b3501e32
                                                                                                                                  • Instruction ID: 48f29c705cc0bc3b31b56cc1c1c174d36c64ab24aaa90c53bb1f3925240f1027
                                                                                                                                  • Opcode Fuzzy Hash: 8db8b98fec21b6e50c5a4b4205932c71f88567a75d06d70a3ca87891b3501e32
                                                                                                                                  • Instruction Fuzzy Hash: C7A011E22E8002BE320822223E03E3A022EC0C8BA0332882EF002C0080A8800C000030
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 7dcea7b22e3cf62145fea853ea0a9e8310c25e7e15e6bdd32e7ac79a3d4fca16
                                                                                                                                  • Instruction ID: 48f29c705cc0bc3b31b56cc1c1c174d36c64ab24aaa90c53bb1f3925240f1027
                                                                                                                                  • Opcode Fuzzy Hash: 7dcea7b22e3cf62145fea853ea0a9e8310c25e7e15e6bdd32e7ac79a3d4fca16
                                                                                                                                  • Instruction Fuzzy Hash: C7A011E22E8002BE320822223E03E3A022EC0C8BA0332882EF002C0080A8800C000030
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF556
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF70C
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF6AB
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF70C
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00ACF70C
                                                                                                                                    • Part of subcall function 00ACF9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ACFA5C
                                                                                                                                    • Part of subcall function 00ACF9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ACFA6D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetEndOfFile.KERNELBASE(?,00ABA083,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000,00AB922F,-00008BE0), ref: 00ABB19C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 749574446-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,00ACBFF6,00B01890,00000000,00B02892,00000006), ref: 00ACBC1D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1611563598-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AB12F6: GetDlgItem.USER32(00000000,00003021), ref: 00AB133A
                                                                                                                                    • Part of subcall function 00AB12F6: SetWindowTextW.USER32(00000000,00AE45F4), ref: 00AB1350
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00ACD4B1
                                                                                                                                  • EndDialog.USER32(?,00000006), ref: 00ACD4C4
                                                                                                                                  • GetDlgItem.USER32(?,0000006C), ref: 00ACD4E0
                                                                                                                                  • SetFocus.USER32(00000000), ref: 00ACD4E7
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,?), ref: 00ACD521
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00ACD558
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00ACD56E
                                                                                                                                    • Part of subcall function 00ACBC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 00ACBC3F
                                                                                                                                    • Part of subcall function 00ACBC2B: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00ACBC50
                                                                                                                                    • Part of subcall function 00ACBC2B: SystemTimeToFileTime.KERNEL32(?,?), ref: 00ACBC5E
                                                                                                                                    • Part of subcall function 00ACBC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 00ACBC6C
                                                                                                                                    • Part of subcall function 00ACBC2B: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00ACBC87
                                                                                                                                    • Part of subcall function 00ACBC2B: GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 00ACBCAE
                                                                                                                                    • Part of subcall function 00ACBC2B: _swprintf.LIBCMT ref: 00ACBCD4
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACD5B7
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00ACD5CA
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00ACD5D1
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACD620
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068,?), ref: 00ACD633
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00ACD650
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACD683
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00ACD696
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACD6E0
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000069,?), ref: 00ACD6F3
                                                                                                                                    • Part of subcall function 00ACC093: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00ACC0B9
                                                                                                                                    • Part of subcall function 00ACC093: GetNumberFormatW.KERNEL32(00000400,00000000,?,00AF072C,?,?), ref: 00ACC108
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Item$Time$Text$_swprintf$FileSystem$FormatMessageSend$Find$CloseDateDialogFirstFocusInfoLocalLocaleNumberSpecificWindow__vswprintf_c_l
                                                                                                                                  • String ID: %s %s$REPLACEFILEDLG
                                                                                                                                  • API String ID: 3464475507-439456425
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00AD0A16
                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00AD0AE2
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AD0B02
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00AD0B0C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00ACD889
                                                                                                                                    • Part of subcall function 00ACC504: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00ACC5EB
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACDB4F
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACDB58
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00ACDBB6
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACDBF8
                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 00ACDD40
                                                                                                                                  • GetDlgItem.USER32(?,00000066), ref: 00ACDD7B
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00ACDD8B
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,00B0389A), ref: 00ACDD99
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00ACDDC4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                                  • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                  • API String ID: 2804936435-312220925
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB7AB4
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB7B1D
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB7B8E
                                                                                                                                    • Part of subcall function 00AB8704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00AB8713
                                                                                                                                    • Part of subcall function 00AB8704: OpenProcessToken.ADVAPI32(00000000), ref: 00AB871A
                                                                                                                                    • Part of subcall function 00AB8704: GetLastError.KERNEL32 ref: 00AB8759
                                                                                                                                    • Part of subcall function 00AB8704: CloseHandle.KERNEL32(?), ref: 00AB8768
                                                                                                                                    • Part of subcall function 00ABB470: DeleteFileW.KERNELBASE(?,00000000,?,00ABA438,?,?,?,?,00AB892B,?,?,?,00AE380F,000000FF), ref: 00ABB481
                                                                                                                                    • Part of subcall function 00ABB470: DeleteFileW.KERNEL32(?,?,?,00000800,?,00ABA438,?,?,?,?,00AB892B,?,?,?,00AE380F,000000FF), ref: 00ABB4AF
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00AB7C43
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00AB7C5F
                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00AB7DAB
                                                                                                                                    • Part of subcall function 00ABB032: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00AB7ED0,?,?,?,00000000), ref: 00ABB04C
                                                                                                                                    • Part of subcall function 00ABB032: SetFileTime.KERNELBASE(?,?,?,?), ref: 00ABB100
                                                                                                                                    • Part of subcall function 00ABA880: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00ABA83D,?,?,?,?,?,00AE380F,000000FF), ref: 00ABA89B
                                                                                                                                    • Part of subcall function 00ABB8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB8FA
                                                                                                                                    • Part of subcall function 00ABB8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB92B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Close$AttributesCreateDeleteHandleProcess_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationOpenTimeToken
                                                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                  • API String ID: 1504485742-3508440684
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 00ABF62E
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                    • Part of subcall function 00AC30F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00AF3070,00000200,00ABEC48,00000000,?,00000050,00AF3070), ref: 00AC3112
                                                                                                                                  • _strlen.LIBCMT ref: 00ABF64F
                                                                                                                                  • SetDlgItemTextW.USER32(?,00AF0274,?), ref: 00ABF6AF
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00ABF6E9
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00ABF6F5
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00ABF795
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00ABF7C2
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00ABF7FB
                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00ABF803
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 00ABF80E
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00ABF83B
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 00ABF8AD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                                  • String ID: $%s:$CAPTION$d
                                                                                                                                  • API String ID: 2407758923-2512411981
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 00ADDD26
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD8DE
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD8F0
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD902
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD914
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD926
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD938
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD94A
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD95C
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD96E
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD980
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD992
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD9A4
                                                                                                                                    • Part of subcall function 00ADD8C1: _free.LIBCMT ref: 00ADD9B6
                                                                                                                                  • _free.LIBCMT ref: 00ADDD1B
                                                                                                                                    • Part of subcall function 00ADA66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC), ref: 00ADA680
                                                                                                                                    • Part of subcall function 00ADA66A: GetLastError.KERNEL32(00AE4ADC,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC,00AE4ADC), ref: 00ADA692
                                                                                                                                  • _free.LIBCMT ref: 00ADDD3D
                                                                                                                                  • _free.LIBCMT ref: 00ADDD52
                                                                                                                                  • _free.LIBCMT ref: 00ADDD5D
                                                                                                                                  • _free.LIBCMT ref: 00ADDD7F
                                                                                                                                  • _free.LIBCMT ref: 00ADDD92
                                                                                                                                  • _free.LIBCMT ref: 00ADDDA0
                                                                                                                                  • _free.LIBCMT ref: 00ADDDAB
                                                                                                                                  • _free.LIBCMT ref: 00ADDDE3
                                                                                                                                  • _free.LIBCMT ref: 00ADDDEA
                                                                                                                                  • _free.LIBCMT ref: 00ADDE07
                                                                                                                                  • _free.LIBCMT ref: 00ADDE1F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 00ACE811
                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000800), ref: 00ACE83D
                                                                                                                                    • Part of subcall function 00AC3316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00ABD523,00000000,.exe,?,?,00000800,?,?,?,00AC9E5C), ref: 00AC332C
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00ACE859
                                                                                                                                  • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00ACE870
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00ACE884
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00ACE8AD
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00ACE8B4
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 00ACE8BD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                                  • String ID: STATIC
                                                                                                                                  • API String ID: 3820355801-1882779555
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00ADA435
                                                                                                                                    • Part of subcall function 00ADA66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC), ref: 00ADA680
                                                                                                                                    • Part of subcall function 00ADA66A: GetLastError.KERNEL32(00AE4ADC,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC,00AE4ADC), ref: 00ADA692
                                                                                                                                  • _free.LIBCMT ref: 00ADA441
                                                                                                                                  • _free.LIBCMT ref: 00ADA44C
                                                                                                                                  • _free.LIBCMT ref: 00ADA457
                                                                                                                                  • _free.LIBCMT ref: 00ADA462
                                                                                                                                  • _free.LIBCMT ref: 00ADA46D
                                                                                                                                  • _free.LIBCMT ref: 00ADA478
                                                                                                                                  • _free.LIBCMT ref: 00ADA483
                                                                                                                                  • _free.LIBCMT ref: 00ADA48E
                                                                                                                                  • _free.LIBCMT ref: 00ADA49C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 9adcbc7ab9d0089db26c7225016c111ab2b49a93c5c32ea959ebededa2cd526a
                                                                                                                                  • Instruction ID: 8cbebd6a35febe3b0a196bb215aa35e0fc5874de6a3ac5a099354490cbaa6226
                                                                                                                                  • Opcode Fuzzy Hash: 9adcbc7ab9d0089db26c7225016c111ab2b49a93c5c32ea959ebededa2cd526a
                                                                                                                                  • Instruction Fuzzy Hash: 2211A476110108EFCB01EF54CA52CD93BB9EF24750F4985A6FA1A8F222DA31EE519B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                  • API String ID: 322700389-393685449
                                                                                                                                  • Opcode ID: e9ff80c5a1c663c427f4ffa562da873df55c78220967c3f5d77329f7a5c8fd67
                                                                                                                                  • Instruction ID: 8eb14742a643ee746da09961abba95f4b45fb11a1b677c08f90b9fec3a0e1405
                                                                                                                                  • Opcode Fuzzy Hash: e9ff80c5a1c663c427f4ffa562da873df55c78220967c3f5d77329f7a5c8fd67
                                                                                                                                  • Instruction Fuzzy Hash: C8B16676800209EFCF25DFA4C9819AEBBB5FF18310B14416BF8166B316D735EA51CB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACA6F6
                                                                                                                                  • _wcslen.LIBCMT ref: 00ACA796
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00ACA7A5
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00ACA7C6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                                                                                                  • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                  • API String ID: 1116704506-4209811716
                                                                                                                                  • Opcode ID: f7f8024568891acfede4e42737a257f95baffa618329feb0412bb68521d2f888
                                                                                                                                  • Instruction ID: 6c3bedbbc80d416a3f9a324a45fef3a52757e4b88469863d32fc52ccf29862ca
                                                                                                                                  • Opcode Fuzzy Hash: f7f8024568891acfede4e42737a257f95baffa618329feb0412bb68521d2f888
                                                                                                                                  • Instruction Fuzzy Hash: AC3175325043497BE725AB70AC02F7FB7ACAF61324F05040FF5029A2D1EF68890583A6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AB12F6: GetDlgItem.USER32(00000000,00003021), ref: 00AB133A
                                                                                                                                    • Part of subcall function 00AB12F6: SetWindowTextW.USER32(00000000,00AE45F4), ref: 00AB1350
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00ACC800
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,0003044F), ref: 00ACC827
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00ACC840
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00ACC851
                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 00ACC85A
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00ACC86E
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00ACC884
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                  • String ID: LICENSEDLG
                                                                                                                                  • API String ID: 3214253823-2177901306
                                                                                                                                  • Opcode ID: 034094cd7bd0ba879339a0b94bd4953c8ef03f62243ad3e1b0037d99d318a7b6
                                                                                                                                  • Instruction ID: e8b2d37867681cddf2e50e026e36f293477b094c7069f3eda582e79ef439d566
                                                                                                                                  • Opcode Fuzzy Hash: 034094cd7bd0ba879339a0b94bd4953c8ef03f62243ad3e1b0037d99d318a7b6
                                                                                                                                  • Instruction Fuzzy Hash: 7121F932640200BBD6219F79EC49FBB3B6CEB46B95F428418F704E71A0CF5198119771
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABB5E2
                                                                                                                                    • Part of subcall function 00AC2701: GetSystemTime.KERNEL32(?), ref: 00AC270F
                                                                                                                                    • Part of subcall function 00AC2701: SystemTimeToFileTime.KERNEL32(?,?), ref: 00AC271D
                                                                                                                                    • Part of subcall function 00AC26AA: __aulldiv.LIBCMT ref: 00AC26B3
                                                                                                                                  • __aulldiv.LIBCMT ref: 00ABB60E
                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00ABB615
                                                                                                                                  • _swprintf.LIBCMT ref: 00ABB640
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABB64A
                                                                                                                                  • _swprintf.LIBCMT ref: 00ABB6A0
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABB6AA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time_wcslen$System__aulldiv_swprintf$CurrentFileProcess__vswprintf_c_l
                                                                                                                                  • String ID: %u.%03u
                                                                                                                                  • API String ID: 2956649372-1114938957
                                                                                                                                  • Opcode ID: 8a8e747a84c369317c2a821417e09a65058a75d5b63de630d24718f84c7e9188
                                                                                                                                  • Instruction ID: e14796b93183d0ef9526ac3c6a191e8993b671cf9678ab7ad07d9f6c28917c1d
                                                                                                                                  • Opcode Fuzzy Hash: 8a8e747a84c369317c2a821417e09a65058a75d5b63de630d24718f84c7e9188
                                                                                                                                  • Instruction Fuzzy Hash: 2621A172A14300AFD210EF65CC86E9B77ECEB98710F00492EF546E3252DB74DA0887B6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00ACBC3F
                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00ACBC50
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00ACBC5E
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00ACBC6C
                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00ACBC87
                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 00ACBCAE
                                                                                                                                  • _swprintf.LIBCMT ref: 00ACBCD4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$System$File$Format$DateLocalSpecific_swprintf
                                                                                                                                  • String ID: %s %s
                                                                                                                                  • API String ID: 385609497-2939940506
                                                                                                                                  • Opcode ID: 8aa5c50a7e0d0b94b6e68a1f1fed31fc3baf28e7a61eb6f03cc25140da04a196
                                                                                                                                  • Instruction ID: 2996a741e0b9f2937ad7aa95d8b783762fc01e1513a557b7e733823c17a89e82
                                                                                                                                  • Opcode Fuzzy Hash: 8aa5c50a7e0d0b94b6e68a1f1fed31fc3baf28e7a61eb6f03cc25140da04a196
                                                                                                                                  • Instruction Fuzzy Hash: 3421C4B254119CABDB21DFA1EC85EEF3BADFF19344F04052AFA05D6111E720DA4A8B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00ABC43F,00ABC441,00000000,00000000,7323EB4B,00000001,00000000,00000000,00ABC32C,?,?,?,00ABC43F,ROOT\CIMV2), ref: 00AD0F59
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00ABC43F,?,00000000,00000000,?,?,?,?,?,00ABC43F), ref: 00AD0FD4
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00AD0FDF
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00AD1008
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00AD1012
                                                                                                                                  • GetLastError.KERNEL32(80070057,7323EB4B,00000001,00000000,00000000,00ABC32C,?,?,?,00ABC43F,ROOT\CIMV2), ref: 00AD1017
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00AD102A
                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00ABC43F,ROOT\CIMV2), ref: 00AD1040
                                                                                                                                  • _com_issue_error.COMSUPP ref: 00AD1053
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1353541977-0
                                                                                                                                  • Opcode ID: 99ea10b4cdda20390049d52e6300fab604015996ca2d4b37ee862f982c1124c7
                                                                                                                                  • Instruction ID: 5bddcd4eca93691f8d966753e7fa99f8762cb5b36d8b86194dcd9ee4c884cb4a
                                                                                                                                  • Opcode Fuzzy Hash: 99ea10b4cdda20390049d52e6300fab604015996ca2d4b37ee862f982c1124c7
                                                                                                                                  • Instruction Fuzzy Hash: 5A41D671A00255ABDB10EFA8DC45FAEBBB9EF48750F20462BF507E7340D735A94087A5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                                  • API String ID: 3519838083-3505469590
                                                                                                                                  • Opcode ID: d64307e905f162ae07d785f044bfc8a3e2d47dedcec1f7d3d595d90ff868cb1f
                                                                                                                                  • Instruction ID: 0d6c0ba74329e94292afe6f21e36ded8f9640b7703db4952a23445fcd74ccfba
                                                                                                                                  • Opcode Fuzzy Hash: d64307e905f162ae07d785f044bfc8a3e2d47dedcec1f7d3d595d90ff868cb1f
                                                                                                                                  • Instruction Fuzzy Hash: 2B711C71A00219AFDB14DFA5CC99DEEB7BDFF48720B144559E516E72A1CB30AD02CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00ABA5EE
                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00ABA611
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00ABA630
                                                                                                                                    • Part of subcall function 00ABD6A7: _wcslen.LIBCMT ref: 00ABD6AF
                                                                                                                                    • Part of subcall function 00AC3316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00ABD523,00000000,.exe,?,?,00000800,?,?,?,00AC9E5C), ref: 00AC332C
                                                                                                                                  • _swprintf.LIBCMT ref: 00ABA6CC
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00ABA73B
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00ABA77B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: rtmp%d
                                                                                                                                  • API String ID: 3726343395-3303766350
                                                                                                                                  • Opcode ID: 07608a58ea1a9a5afe049775d036cec3ddaad4dedde464d9f52fe9a2144ccb58
                                                                                                                                  • Instruction ID: 1e3c9ce5ad7fbf1ff634fcfa7d795acc77ac9fa1e5f78b041aa6befdd51f482e
                                                                                                                                  • Opcode Fuzzy Hash: 07608a58ea1a9a5afe049775d036cec3ddaad4dedde464d9f52fe9a2144ccb58
                                                                                                                                  • Instruction Fuzzy Hash: D1416D729106A8AACF20EBA0CD94EEF737CBF65340F0404A9B545E7047EB348B859F61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __aulldiv.LIBCMT ref: 00AC254E
                                                                                                                                    • Part of subcall function 00ABC619: GetVersionExW.KERNEL32(?), ref: 00ABC63E
                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,00000001), ref: 00AC2571
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,00000001), ref: 00AC2583
                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00AC2594
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AC25A4
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AC25B4
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00AC25EF
                                                                                                                                  • __aullrem.LIBCMT ref: 00AC2699
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1247370737-0
                                                                                                                                  • Opcode ID: 6cec33ab2abcda03414b6fe3c445e6dcf7a6838da3476cfe225ddfe61cb6fa05
                                                                                                                                  • Instruction ID: 21dc1d0c3fc04ba140064efdc336dc00c7f565ccc27713c20ef3ee744289af41
                                                                                                                                  • Opcode Fuzzy Hash: 6cec33ab2abcda03414b6fe3c445e6dcf7a6838da3476cfe225ddfe61cb6fa05
                                                                                                                                  • Instruction Fuzzy Hash: 0E4107B1548345AFC710DF65C884E6BBBF9FB88714F018A2EF596C6210E738E549CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                                  • API String ID: 176396367-3568243669
                                                                                                                                  • Opcode ID: 29311ff5a0b69c99c3af5fd747dfc3edf9e77d2d27adfe461ee5a8d5847f31d2
                                                                                                                                  • Instruction ID: c5759bc7f3cada4abbadb9639d00d7fdc94cea9db75c80be72c28587baf127a0
                                                                                                                                  • Opcode Fuzzy Hash: 29311ff5a0b69c99c3af5fd747dfc3edf9e77d2d27adfe461ee5a8d5847f31d2
                                                                                                                                  • Instruction Fuzzy Hash: E2512666A4036B91DB315B289811FB673E0DF70759F66841FF9829B6C0FA648D8182A2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00AE0FC2,00000000,00000000,00000000,00000000,00000000,?), ref: 00AE088F
                                                                                                                                  • __fassign.LIBCMT ref: 00AE090A
                                                                                                                                  • __fassign.LIBCMT ref: 00AE0925
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00AE094B
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,00AE0FC2,00000000,?,?,?,?,?,?,?,?,?,00AE0FC2,00000000), ref: 00AE096A
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000001,00AE0FC2,00000000,?,?,?,?,?,?,?,?,?,00AE0FC2,00000000), ref: 00AE09A3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00AD3AC7
                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00AD3ACF
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00AD3B58
                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00AD3B83
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00AD3BD8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00ACAF0E
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00ACAF64
                                                                                                                                  • ShowWindow.USER32(?,00000005,00000000), ref: 00ACB001
                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 00ACB009
                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00ACB01F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Show$RectText
                                                                                                                                  • String ID: RarHtmlClassName
                                                                                                                                  • API String ID: 3937224194-1658105358
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                  • API String ID: 176396367-3743748572
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ADDA28: _free.LIBCMT ref: 00ADDA51
                                                                                                                                  • _free.LIBCMT ref: 00ADDAB2
                                                                                                                                    • Part of subcall function 00ADA66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC), ref: 00ADA680
                                                                                                                                    • Part of subcall function 00ADA66A: GetLastError.KERNEL32(00AE4ADC,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC,00AE4ADC), ref: 00ADA692
                                                                                                                                  • _free.LIBCMT ref: 00ADDABD
                                                                                                                                  • _free.LIBCMT ref: 00ADDAC8
                                                                                                                                  • _free.LIBCMT ref: 00ADDB1C
                                                                                                                                  • _free.LIBCMT ref: 00ADDB27
                                                                                                                                  • _free.LIBCMT ref: 00ADDB32
                                                                                                                                  • _free.LIBCMT ref: 00ADDB3D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00ACF7F5,00ACF758,00ACF9F9), ref: 00ACF791
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00ACF7A7
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00ACF7BC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                  • API String ID: 667068680-1718035505
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AC27F1
                                                                                                                                    • Part of subcall function 00ABC619: GetVersionExW.KERNEL32(?), ref: 00ABC63E
                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AC2815
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AC282F
                                                                                                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00AC2842
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AC2852
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AC2862
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2092733347-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,00AD3C81,00AD3A3C,00AD0BF4), ref: 00AD3C98
                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AD3CA6
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AD3CBF
                                                                                                                                  • SetLastError.KERNEL32(00000000,00AD3C81,00AD3A3C,00AD0BF4), ref: 00AD3D11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,00AF3070,00AD5982,00AF3070,?,?,00AD5281,00000050,?,00AF3070,00000200), ref: 00ADA519
                                                                                                                                  • _free.LIBCMT ref: 00ADA54C
                                                                                                                                  • _free.LIBCMT ref: 00ADA574
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00AF3070,00000200), ref: 00ADA581
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00AF3070,00000200), ref: 00ADA58D
                                                                                                                                  • _abort.LIBCMT ref: 00ADA593
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AC1907: _wcslen.LIBCMT ref: 00AC190D
                                                                                                                                    • Part of subcall function 00ABCD5C: _wcsrchr.LIBVCRUNTIME ref: 00ABCD73
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABD5A4
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABD5EC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$_wcsrchr
                                                                                                                                  • String ID: .exe$.rar$.sfx
                                                                                                                                  • API String ID: 3513545583-31770016
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABCF56
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00ABB505,?,?,00000800,?,?,00ABB4CA,?), ref: 00ABCFF4
                                                                                                                                  • _wcslen.LIBCMT ref: 00ABD06A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CurrentDirectory
                                                                                                                                  • String ID: UNC$\\?\
                                                                                                                                  • API String ID: 3341907918-253988292
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LoadBitmapW.USER32(00000065), ref: 00ACC8DD
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00ACC902
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00ACC934
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00ACC957
                                                                                                                                    • Part of subcall function 00ACB6D2: FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,00ACC92D,00000066), ref: 00ACB6E5
                                                                                                                                    • Part of subcall function 00ACB6D2: SizeofResource.KERNEL32(00000000,?,?,?,00ACC92D,00000066), ref: 00ACB6FC
                                                                                                                                    • Part of subcall function 00ACB6D2: LoadResource.KERNEL32(00000000,?,?,?,00ACC92D,00000066), ref: 00ACB713
                                                                                                                                    • Part of subcall function 00ACB6D2: LockResource.KERNEL32(00000000,?,?,?,00ACC92D,00000066), ref: 00ACB722
                                                                                                                                    • Part of subcall function 00ACB6D2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00ACC92D,00000066), ref: 00ACB73D
                                                                                                                                    • Part of subcall function 00ACB6D2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,00ACC92D,00000066), ref: 00ACB74E
                                                                                                                                    • Part of subcall function 00ACB6D2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00ACB7B7
                                                                                                                                    • Part of subcall function 00ACB6D2: GlobalUnlock.KERNEL32(00000000), ref: 00ACB7D6
                                                                                                                                    • Part of subcall function 00ACB6D2: GlobalFree.KERNEL32(00000000), ref: 00ACB7DD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                                                                                                  • String ID: ]
                                                                                                                                  • API String ID: 1428510222-3352871620
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AB12F6: GetDlgItem.USER32(00000000,00003021), ref: 00AB133A
                                                                                                                                    • Part of subcall function 00AB12F6: SetWindowTextW.USER32(00000000,00AE45F4), ref: 00AB1350
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00ACE79B
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00ACE7B1
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 00ACE7C5
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068), ref: 00ACE7D4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: RENAMEDLG
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00AD91E6,00000000,?,00AD9186,00000000,00AED570,0000000C,00AD92DD,00000000,00000002), ref: 00AD9255
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AD9268
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00AD91E6,00000000,?,00AD9186,00000000,00AED570,0000000C,00AD92DD,00000000,00000002), ref: 00AD928B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AdjustPointer$_abort
                                                                                                                                  • String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00ADD0F9
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ADD11C
                                                                                                                                    • Part of subcall function 00ADA7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00ADDBEC,00000000,?,00AD80B1,?,00000008,?,00ADA871,?,?,?), ref: 00ADA830
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00ADD142
                                                                                                                                  • _free.LIBCMT ref: 00ADD155
                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ADD164
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                  • String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,00AF3070,00000200,00ADA7F0,00AD7596,?,?,?,?,00ABECA4,?,?,?,00000004,00ABEA30,?), ref: 00ADA59E
                                                                                                                                  • _free.LIBCMT ref: 00ADA5D3
                                                                                                                                  • _free.LIBCMT ref: 00ADA5FA
                                                                                                                                  • SetLastError.KERNEL32(00000000,00AE4ADC,00000050,00AF3070), ref: 00ADA607
                                                                                                                                  • SetLastError.KERNEL32(00000000,00AE4ADC,00000050,00AF3070), ref: 00ADA610
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                  • String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AC24EF: ResetEvent.KERNEL32(?), ref: 00AC2501
                                                                                                                                    • Part of subcall function 00AC24EF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00AC2515
                                                                                                                                  • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00AC2241
                                                                                                                                  • CloseHandle.KERNEL32(?,?), ref: 00AC225B
                                                                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00AC2274
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00AC2280
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00AC228C
                                                                                                                                    • Part of subcall function 00AC2303: WaitForSingleObject.KERNEL32(?,000000FF,00AC2526,?), ref: 00AC2309
                                                                                                                                    • Part of subcall function 00AC2303: GetLastError.KERNEL32(?), ref: 00AC2315
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1868215902-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00ADD9D7
                                                                                                                                    • Part of subcall function 00ADA66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC), ref: 00ADA680
                                                                                                                                    • Part of subcall function 00ADA66A: GetLastError.KERNEL32(00AE4ADC,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC,00AE4ADC), ref: 00ADA692
                                                                                                                                  • _free.LIBCMT ref: 00ADD9E9
                                                                                                                                  • _free.LIBCMT ref: 00ADD9FB
                                                                                                                                  • _free.LIBCMT ref: 00ADDA0D
                                                                                                                                  • _free.LIBCMT ref: 00ADDA1F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00AC3340
                                                                                                                                  • _wcslen.LIBCMT ref: 00AC3351
                                                                                                                                  • _wcslen.LIBCMT ref: 00AC3361
                                                                                                                                  • _wcslen.LIBCMT ref: 00AC336F
                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00ABC844,?,?,00000000,?,?,?), ref: 00AC338A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CompareString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3397213944-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00AD9CEE
                                                                                                                                    • Part of subcall function 00ADA66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC), ref: 00ADA680
                                                                                                                                    • Part of subcall function 00ADA66A: GetLastError.KERNEL32(00AE4ADC,?,00ADDA56,00AE4ADC,00000000,00AE4ADC,00000000,?,00ADDA7D,00AE4ADC,00000007,00AE4ADC,?,00ADDE7A,00AE4ADC,00AE4ADC), ref: 00ADA692
                                                                                                                                  • _free.LIBCMT ref: 00AD9D00
                                                                                                                                  • _free.LIBCMT ref: 00AD9D13
                                                                                                                                  • _free.LIBCMT ref: 00AD9D24
                                                                                                                                  • _free.LIBCMT ref: 00AD9D35
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _swprintf
                                                                                                                                  • String ID: %ls$%s: %s
                                                                                                                                  • API String ID: 589789837-2259941744
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe,00000104), ref: 00AD9370
                                                                                                                                  • _free.LIBCMT ref: 00AD943B
                                                                                                                                  • _free.LIBCMT ref: 00AD9445
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe
                                                                                                                                  • API String ID: 2506810119-4131649268
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00AD438B
                                                                                                                                  • _abort.LIBCMT ref: 00AD4496
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer_abort
                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                  • API String ID: 948111806-2084237596
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB7F20
                                                                                                                                    • Part of subcall function 00AB42F1: __EH_prolog.LIBCMT ref: 00AB42F6
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00AB7FE5
                                                                                                                                    • Part of subcall function 00AB8704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00AB8713
                                                                                                                                    • Part of subcall function 00AB8704: OpenProcessToken.ADVAPI32(00000000), ref: 00AB871A
                                                                                                                                    • Part of subcall function 00AB8704: GetLastError.KERNEL32 ref: 00AB8759
                                                                                                                                    • Part of subcall function 00AB8704: CloseHandle.KERNEL32(?), ref: 00AB8768
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.2277667916.0000000000AB0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277730059.0000000000AE4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000AF7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B10000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277753609.0000000000B14000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                  • Associated: 00000004.00000002.2277841998.0000000000B15000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorH_prologLastProcess$CloseCurrentHandleOpenToken
                                                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                  • API String ID: 2595646239-639343689
                                                                                                                                  • Opcode ID: 1ac7169a77044515d81f932145477063b17a08bc173634947111e7dc4fab6e8f
                                                                                                                                  • Instruction ID: e82dd736ceb877a14276db4b5f68d5f56c14e87449169e9b655400ea8da349f1
                                                                                                                                  • Opcode Fuzzy Hash: 1ac7169a77044515d81f932145477063b17a08bc173634947111e7dc4fab6e8f
                                                                                                                                  • Instruction Fuzzy Hash: 4631B471940248BEDF21EBA89D45FFE7BADAB48354F004026F505A7193CBB88945DB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00AB12F6: GetDlgItem.USER32(00000000,00003021), ref: 00AB133A
                                                                                                                                    • Part of subcall function 00AB12F6: SetWindowTextW.USER32(00000000,00AE45F4), ref: 00AB1350
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00ACBE68
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00ACBE7D
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 00ACBE92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: ASKNEXTVOL
                                                                                                                                  • API String ID: 445417207-3402441367
                                                                                                                                  • Opcode ID: 178249b8ea682d248fb08125d9495d103ddfe18e6192587ca1f8d446eb3869e7
                                                                                                                                  • Instruction ID: 7fdc031cdb1900dc35f6aaca9ddb6dae815cbeb29fafdbbf151be0f4f8781da4
                                                                                                                                  • Opcode Fuzzy Hash: 178249b8ea682d248fb08125d9495d103ddfe18e6192587ca1f8d446eb3869e7
                                                                                                                                  • Instruction Fuzzy Hash: 5511D032610210BFD6219FA8DD0AFE63BADEB4AF40F454418F740AB0B5CB63990597B5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __fprintf_l.LIBCMT ref: 00ABEC74
                                                                                                                                  • _strncpy.LIBCMT ref: 00ABECBA
                                                                                                                                    • Part of subcall function 00AC30F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00AF3070,00000200,00ABEC48,00000000,?,00000050,00AF3070), ref: 00AC3112
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                                  • String ID: $%s$@%s
                                                                                                                                  • API String ID: 562999700-834177443
                                                                                                                                  • Opcode ID: c8aaaa1e1eb509535f48458174946474b6ade33abc37106f2bde8065ec626bf9
                                                                                                                                  • Instruction ID: 7852b26ac1ba1134f71b5ac545b25c07510ddabb17d2d65c79d2bcc5fd8cdf1b
                                                                                                                                  • Opcode Fuzzy Hash: c8aaaa1e1eb509535f48458174946474b6ade33abc37106f2bde8065ec626bf9
                                                                                                                                  • Instruction Fuzzy Hash: CF216D72540248AEEB20EFA4CE46FEE3FECBF06740F040526F91196292E771D6548B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00ABC04A,00000008,?,00000000,?,00ABE685,?,00000000), ref: 00AC21A5
                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00ABC04A,00000008,?,00000000,?,00ABE685,?,00000000), ref: 00AC21AF
                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00ABC04A,00000008,?,00000000,?,00ABE685,?,00000000), ref: 00AC21BF
                                                                                                                                  Strings
                                                                                                                                  • Thread pool initialization failed., xrefs: 00AC21D7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                                                  • Opcode ID: 82f9c1423d30aaf7ac4ebc21141ec0c6cf15711b5663f8af3bffa747f048b7a7
                                                                                                                                  • Instruction ID: 9c48910fca9d82609cb3a905b94d4590c7a839b9799146e994363c21396a0c0e
                                                                                                                                  • Opcode Fuzzy Hash: 82f9c1423d30aaf7ac4ebc21141ec0c6cf15711b5663f8af3bffa747f048b7a7
                                                                                                                                  • Instruction Fuzzy Hash: 3D1191B1604709AFC3215FBA9CC4BABFBECFB59344F55492EF2D6C6200DA7159418B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                  • API String ID: 0-56093855
                                                                                                                                  • Opcode ID: 839f1f4bf0fca56b058be9e4dfd404c4603b0e3d375ce00484195ac4c1ed9eb9
                                                                                                                                  • Instruction ID: b1030068acd2ebf290faa0dd5c4aaba6a78901101bb6bf984d59e32920379c58
                                                                                                                                  • Opcode Fuzzy Hash: 839f1f4bf0fca56b058be9e4dfd404c4603b0e3d375ce00484195ac4c1ed9eb9
                                                                                                                                  • Instruction Fuzzy Hash: 14019E71604244FBDB10CFA9EC08FA67BA8FB193C5B01442AF90983270C7719C91DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00AB495C
                                                                                                                                    • Part of subcall function 00ACFD1D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00ACFD29
                                                                                                                                    • Part of subcall function 00ACFD1D: ___delayLoadHelper2@8.DELAYIMP ref: 00ACFD4F
                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00AB4967
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Xinvalid_argumentstd::_$Helper2@8Load___delaystd::invalid_argument::invalid_argument
                                                                                                                                  • String ID: string too long$vector too long
                                                                                                                                  • API String ID: 2355824318-1617939282
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00ACED44
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00ACED80
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                                                  • API String ID: 1431749950-3493335439
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00AB8D5C,?,?,?), ref: 00ABB7F3
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000800,?,00AB8D5C,?,?), ref: 00ABB837
                                                                                                                                  • SetFileTime.KERNEL32(?,00AB8AEC,?,00000000,?,00000800,?,00AB8D5C,?,?,?,?,?,?,?,?), ref: 00ABB8B8
                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000800,?,00AB8D5C,?,?,?,?,?,?,?,?,?,?), ref: 00ABB8BF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Create$CloseHandleTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2287278272-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 176396367-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB8532
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB8558
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB85EF
                                                                                                                                  • _wcslen.LIBCMT ref: 00AB8657
                                                                                                                                    • Part of subcall function 00ABB966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00ABB991
                                                                                                                                    • Part of subcall function 00ABB41F: RemoveDirectoryW.KERNEL32(?,?,?,00AB8649,?), ref: 00ABB430
                                                                                                                                    • Part of subcall function 00ABB41F: RemoveDirectoryW.KERNEL32(?,?,?,00000800,?,00AB8649,?), ref: 00ABB45E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$DirectoryRemove$CloseFind
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973666142-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00ADA871,?,00000000,?,00000001,?,?,00000001,00ADA871,?), ref: 00ADDB95
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ADDC1E
                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00AD80B1,?), ref: 00ADDC30
                                                                                                                                  • __freea.LIBCMT ref: 00ADDC39
                                                                                                                                    • Part of subcall function 00ADA7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00ADDBEC,00000000,?,00AD80B1,?,00000008,?,00ADA871,?,?,?), ref: 00ADA830
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2652629310-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,?), ref: 00AB8713
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00AB871A
                                                                                                                                  • GetLastError.KERNEL32 ref: 00AB8759
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00AB8768
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseCurrentErrorHandleLastOpenToken
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2767541406-0
                                                                                                                                  • Opcode ID: a64786e0531e68f15561442dc08951faae388255f0cb24d79b2663a586ac8bb3
                                                                                                                                  • Instruction ID: cb26630875b171a379700bcd60563a6f1fc460c1862a525d288be0fddcb35f18
                                                                                                                                  • Opcode Fuzzy Hash: a64786e0531e68f15561442dc08951faae388255f0cb24d79b2663a586ac8bb3
                                                                                                                                  • Instruction Fuzzy Hash: D701B6B5A00209EFEB10DFE4DD89AEE7B6CAB04748F504425B902A2151EF79CE44EA71
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(00000000), ref: 00ACB676
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00ACB685
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00ACB693
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00ACB6A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                  • Opcode ID: e04face9565c2ab2122c2c123de491c4caca258f53ace796e0321929971ef1a3
                                                                                                                                  • Instruction ID: ad0de55a20d96e6a5ed7d1d4598fd0dae019519e6d682d5c80544debb84fbed5
                                                                                                                                  • Opcode Fuzzy Hash: e04face9565c2ab2122c2c123de491c4caca258f53ace796e0321929971ef1a3
                                                                                                                                  • Instruction Fuzzy Hash: 94E0EC71985E60EBD7319BE0AC1EBEA7B64AB69713F458005FA05A7190CFB044018FE1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ACB6A9: GetDC.USER32(00000000), ref: 00ACB6AD
                                                                                                                                    • Part of subcall function 00ACB6A9: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ACB6B8
                                                                                                                                    • Part of subcall function 00ACB6A9: ReleaseDC.USER32(00000000,00000000), ref: 00ACB6C3
                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00ACB84C
                                                                                                                                    • Part of subcall function 00ACBADE: GetDC.USER32(00000000), ref: 00ACBAE7
                                                                                                                                    • Part of subcall function 00ACBADE: GetObjectW.GDI32(?,00000018,?), ref: 00ACBB16
                                                                                                                                    • Part of subcall function 00ACBADE: ReleaseDC.USER32(00000000,?), ref: 00ACBBAE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                                                  • String ID: (
                                                                                                                                  • API String ID: 1061551593-3887548279
                                                                                                                                  • Opcode ID: ea8d1b7584042d1cbd39b1e473c0891739aa27f7fcb90c19b7fa4a0c1dd11349
                                                                                                                                  • Instruction ID: 3bff6389f4927c902422b38dd0949022ba820df650e01788272c08c0183f7097
                                                                                                                                  • Opcode Fuzzy Hash: ea8d1b7584042d1cbd39b1e473c0891739aa27f7fcb90c19b7fa4a0c1dd11349
                                                                                                                                  • Instruction Fuzzy Hash: AE91E375604354AFD610DF65C889E6BBBE8FFC9700F01491EF59AD7260DB31A806CB62
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00ADC4E4
                                                                                                                                    • Part of subcall function 00AD51E6: IsProcessorFeaturePresent.KERNEL32(00000017,00AD51B8,00000050,00AE4ADC,?,00ABEA30,00000004,00AF3070,?,?,00AD51C5,00000000,00000000,00000000,00000000,00000000), ref: 00AD51E8
                                                                                                                                    • Part of subcall function 00AD51E6: GetCurrentProcess.KERNEL32(C0000417,00AE4ADC,00000050,00AF3070), ref: 00AD520A
                                                                                                                                    • Part of subcall function 00AD51E6: TerminateProcess.KERNEL32(00000000), ref: 00AD5211
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                  • String ID: *?$.
                                                                                                                                  • API String ID: 2667617558-3972193922
                                                                                                                                  • Opcode ID: 972d5fe56fca4318eb32e817472c9c256f93d190f7b8c306b3a3f3d0056a7248
                                                                                                                                  • Instruction ID: 0f61bcd10f014a45b03e2f03439c6b397b260e793da890194f47406de79a923d
                                                                                                                                  • Opcode Fuzzy Hash: 972d5fe56fca4318eb32e817472c9c256f93d190f7b8c306b3a3f3d0056a7248
                                                                                                                                  • Instruction Fuzzy Hash: 155181B5E0020AAFDF14DFA8C885ABDB7B5FF58320F64816AE456E7341E6359E01CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 00AB80C3
                                                                                                                                    • Part of subcall function 00AC1907: _wcslen.LIBCMT ref: 00AC190D
                                                                                                                                    • Part of subcall function 00ABB966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00ABB991
                                                                                                                                  • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00AB8262
                                                                                                                                    • Part of subcall function 00ABB8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB8FA
                                                                                                                                    • Part of subcall function 00ABB8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00ABB5B5,?,?,?,00ABB405,?,00000001,00000000,?,?), ref: 00ABB92B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 3226429890-336475711
                                                                                                                                  • Opcode ID: 8b3de9acb6d98d12718c6b17d78f7218ff0eff30e815ac02437a456fa3ab1c41
                                                                                                                                  • Instruction ID: d8e0bbec2828de45ca227585a900f99a41017cfce221122b9817aab781f8dc72
                                                                                                                                  • Opcode Fuzzy Hash: 8b3de9acb6d98d12718c6b17d78f7218ff0eff30e815ac02437a456fa3ab1c41
                                                                                                                                  • Instruction Fuzzy Hash: 0D518271900258AAEB25EBA4CD56EEE737DEF45300F0041E9F606A6083DB785F89CF61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: }
                                                                                                                                  • API String ID: 176396367-4239843852
                                                                                                                                  • Opcode ID: 0b774601d90259d63bc5e34080145a2193c9aa6062f13177434850a7be6d236a
                                                                                                                                  • Instruction ID: 5f5f6f0b3d292a17c354e9649a88ecfe2d0ba9cc722da960d91f53cdf9415909
                                                                                                                                  • Opcode Fuzzy Hash: 0b774601d90259d63bc5e34080145a2193c9aa6062f13177434850a7be6d236a
                                                                                                                                  • Instruction Fuzzy Hash: E421A1729043165AD721EB64DA46F6BB3ECDB85760F02042EF648C3241FB65ED4887A6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 00ABCDE7
                                                                                                                                    • Part of subcall function 00AB4A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB4A33
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __vswprintf_c_l_swprintf
                                                                                                                                  • String ID: %c:\
                                                                                                                                  • API String ID: 1543624204-3142399695
                                                                                                                                  • Opcode ID: 955180f706b1ce2abe00ed53101d5585ec71542d9b028dd04694eb49e2395ac9
                                                                                                                                  • Instruction ID: beae9824dfb599ca406b165e6ff1cd2ee506fa13b97c5e207d53315f335496a3
                                                                                                                                  • Opcode Fuzzy Hash: 955180f706b1ce2abe00ed53101d5585ec71542d9b028dd04694eb49e2395ac9
                                                                                                                                  • Instruction Fuzzy Hash: 94012863104311BADA306B799C46DABB7ACEF99770B40441BF445E7183FA30D940C2B1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(00020440), ref: 00ACEF2A
                                                                                                                                  • DialogBoxParamW.USER32(GETPASSWORD1,00020440,00ACC460,?), ref: 00ACEF65
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogParamVisibleWindow
                                                                                                                                  • String ID: GETPASSWORD1
                                                                                                                                  • API String ID: 3157717868-3292211884
                                                                                                                                  • Opcode ID: a82ed7c3f79c2d0bc948f16b90ef3763dba8d56eda471c091c5c0f3968a7d58f
                                                                                                                                  • Instruction ID: c0816fc2dbebb0bfca1b7373040b2f6e802745654ceb3df241e8c8cd72d8309b
                                                                                                                                  • Opcode Fuzzy Hash: a82ed7c3f79c2d0bc948f16b90ef3763dba8d56eda471c091c5c0f3968a7d58f
                                                                                                                                  • Instruction Fuzzy Hash: 48110835245294BFDB21DFA49C16FFA3B9CAB05791F09805DF845A3092CAA05C84CFB2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNEL32(00000000,00010000,00AC2480,?,00000000,00000000), ref: 00AC2362
                                                                                                                                  • SetThreadPriority.KERNEL32(?,00000000), ref: 00AC23A9
                                                                                                                                    • Part of subcall function 00AB76E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB7707
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                  • String ID: CreateThread failed
                                                                                                                                  • API String ID: 2655393344-3849766595
                                                                                                                                  • Opcode ID: b64279c47d99b11602ff993bbf63f33e243d01c0fceb7a13edfb3883f905993a
                                                                                                                                  • Instruction ID: 85df63e068f58270f300c0330e770c2f6b66aa161ac2e1042a0f1acb30aa97fd
                                                                                                                                  • Opcode Fuzzy Hash: b64279c47d99b11602ff993bbf63f33e243d01c0fceb7a13edfb3883f905993a
                                                                                                                                  • Instruction Fuzzy Hash: B301D6B23487466FD724AFA4AC81FA6739CFB44755F11052EF7869A1D1CEE1A8418730
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • VirtualQuery.KERNEL32(80000000,00ACF774,0000001C,00ACF969,00000000,?,?,?,?,?,?,?,00ACF774,00000004,00B13D24,00ACF9F9), ref: 00ACF840
                                                                                                                                  • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00ACF774,00000004,00B13D24,00ACF9F9), ref: 00ACF85B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoQuerySystemVirtual
                                                                                                                                  • String ID: D
                                                                                                                                  • API String ID: 401686933-2746444292
                                                                                                                                  • Opcode ID: b92741b9456f59e444bf2f1cada7dcc6b1983a0218d03cd9ebbf4854ed471920
                                                                                                                                  • Instruction ID: da4042d19cc6fb504146b75023474b38adb8f42b5a7891cdf47f9e49329af57c
                                                                                                                                  • Opcode Fuzzy Hash: b92741b9456f59e444bf2f1cada7dcc6b1983a0218d03cd9ebbf4854ed471920
                                                                                                                                  • Instruction Fuzzy Hash: AA01A772600109ABDF14DF69DC05BDE7BEAAFD4324F0DC238AD59DB254EA38D9428780
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00ABF608: _swprintf.LIBCMT ref: 00ABF62E
                                                                                                                                    • Part of subcall function 00ABF608: _strlen.LIBCMT ref: 00ABF64F
                                                                                                                                    • Part of subcall function 00ABF608: SetDlgItemTextW.USER32(?,00AF0274,?), ref: 00ABF6AF
                                                                                                                                    • Part of subcall function 00ABF608: GetWindowRect.USER32(?,?), ref: 00ABF6E9
                                                                                                                                    • Part of subcall function 00ABF608: GetClientRect.USER32(?,?), ref: 00ABF6F5
                                                                                                                                  • GetDlgItem.USER32(00000000,00003021), ref: 00AB133A
                                                                                                                                  • SetWindowTextW.USER32(00000000,00AE45F4), ref: 00AB1350
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 2622349952-4108050209
                                                                                                                                  • Opcode ID: 3c5a1cc0f512200cee8a335083d8345046e5b4dfae5493c73d8ec910570b001f
                                                                                                                                  • Instruction ID: 91c92188b359a8b566083adb6e61a23de6c75486b1abc7acdab0bdd4a082848d
                                                                                                                                  • Opcode Fuzzy Hash: 3c5a1cc0f512200cee8a335083d8345046e5b4dfae5493c73d8ec910570b001f
                                                                                                                                  • Instruction Fuzzy Hash: BEF03C30148688BADF665F618C29BF93BDCBB46385F888124FD44994A2EB74C990EA10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00AC2526,?), ref: 00AC2309
                                                                                                                                  • GetLastError.KERNEL32(?), ref: 00AC2315
                                                                                                                                    • Part of subcall function 00AB76E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00AB7707
                                                                                                                                  Strings
                                                                                                                                  • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00AC231E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                  • API String ID: 1091760877-2248577382
                                                                                                                                  • Opcode ID: 4f31bed2ea4db7a624836c56e5de5fca74c69a87bf913ee2aff05b31953008c7
                                                                                                                                  • Instruction ID: 7871c18447753f89bff561465dccdf3dcde5eb70e0675ae2619ac7dac8a13c02
                                                                                                                                  • Opcode Fuzzy Hash: 4f31bed2ea4db7a624836c56e5de5fca74c69a87bf913ee2aff05b31953008c7
                                                                                                                                  • Instruction Fuzzy Hash: 0ED02B3280C42133CA0023787C19DAE390D6F61330F600B14F235591E1CAA4094243A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00ABED75,?), ref: 00ABF5C3
                                                                                                                                  • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00ABED75,?), ref: 00ABF5D1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.2277694058.0000000000AB1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ab0000_work.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindHandleModuleResource
                                                                                                                                  • String ID: RTL
                                                                                                                                  • API String ID: 3537982541-834975271
                                                                                                                                  • Opcode ID: 90cc084b96220a716a5bfeab26b11be382d311950fbe3dc6509f7e70e60e8708
                                                                                                                                  • Instruction ID: ab0e0da7e79c9ba97fa00ee50bad756bfdac33c2233a8073d5cd83d3f62a57c5
                                                                                                                                  • Opcode Fuzzy Hash: 90cc084b96220a716a5bfeab26b11be382d311950fbe3dc6509f7e70e60e8708
                                                                                                                                  • Instruction Fuzzy Hash: AEC0123164539066D630A7B16C4DF832E9C6B08755F050568B601DE5C1DAE9C8418760
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:7%
                                                                                                                                  Dynamic/Decrypted Code Coverage:92.6%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:27
                                                                                                                                  Total number of Limit Nodes:1

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'cq$4ccq$4ccq$4ccq$4|hq$$cq$$cq$$cq$$cq$$cq
                                                                                                                                  • API String ID: 0-2010412313
                                                                                                                                  • Opcode ID: 09e2f6057552525b165b73a13bf2c3a9179239f1deebf74e3b40839f2797d7ae
                                                                                                                                  • Instruction ID: 7ef9858539c7284d6a578acb29bcca0facb97c044c570411aa7ad2dbdea62bed
                                                                                                                                  • Opcode Fuzzy Hash: 09e2f6057552525b165b73a13bf2c3a9179239f1deebf74e3b40839f2797d7ae
                                                                                                                                  • Instruction Fuzzy Hash: 92426A74B002198FDB15DF79C894AAEBBF2BF88311F148469E40AEB365DB349D42CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Hgq$Hgq$Hgq$Hgq$Hgq
                                                                                                                                  • API String ID: 0-2022333140
                                                                                                                                  • Opcode ID: 20c2c1558bdb7127c74a465a3305933df93e769c4f18689e021356065e0744b0
                                                                                                                                  • Instruction ID: a2506aa7f39ac29c38bb76600802b8338d051736908b07f0a3405f12002faf46
                                                                                                                                  • Opcode Fuzzy Hash: 20c2c1558bdb7127c74a465a3305933df93e769c4f18689e021356065e0744b0
                                                                                                                                  • Instruction Fuzzy Hash: CDF1BF35A0065ACBCB15CF74C0502BDFBB2FF85311F288AADD456BB281E7749A95CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $cq
                                                                                                                                  • API String ID: 0-2110363268
                                                                                                                                  • Opcode ID: df198508d24a2dc9e42ef87e955c7b14973ca5eaef9d66d38e7eb29c6e23f730
                                                                                                                                  • Instruction ID: a2462092e61bf2f922d9ee206df1047588aa663089393503073e2af155007778
                                                                                                                                  • Opcode Fuzzy Hash: df198508d24a2dc9e42ef87e955c7b14973ca5eaef9d66d38e7eb29c6e23f730
                                                                                                                                  • Instruction Fuzzy Hash: 9F126D74F002058FCB54DF69D554AAEBBF6BF88700B149169E906EB36ADB30DC41CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 40059b87d21c2c95ffd7aa10c7f0a11627a6d356fbc92428ce9a79a122ad5feb
                                                                                                                                  • Instruction ID: 2f94f59d695f8cd30249362bc91a5bba06c264a83875377faeed50c6681af421
                                                                                                                                  • Opcode Fuzzy Hash: 40059b87d21c2c95ffd7aa10c7f0a11627a6d356fbc92428ce9a79a122ad5feb
                                                                                                                                  • Instruction Fuzzy Hash: 2A824875B002049FCB04CF68C894EAABBF6EF89710F15809AE545DB3A2DB71ED41CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7b881220723bd1890b31c3f9355ad405ed97f85e9699e1c23be00c03973fbadf
                                                                                                                                  • Instruction ID: a62ec777b9bc1d011db1a49f23648d133a5698297cfc81a186f8d7df093b81cf
                                                                                                                                  • Opcode Fuzzy Hash: 7b881220723bd1890b31c3f9355ad405ed97f85e9699e1c23be00c03973fbadf
                                                                                                                                  • Instruction Fuzzy Hash: 50D1F574E00218CFCB18EFB8D954AADBBB2FF8A311F1081A9D41AAB254DB355985CF11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 250a237dce16ce65595dcbcee22d276017fca895e074cff245655a496cbc8326
                                                                                                                                  • Instruction ID: e98a1189b9ed5714f567582d0fab64ef43919f552ce766361c720274b88bc9d4
                                                                                                                                  • Opcode Fuzzy Hash: 250a237dce16ce65595dcbcee22d276017fca895e074cff245655a496cbc8326
                                                                                                                                  • Instruction Fuzzy Hash: 51D1E474E00218CFCB18EFB8D954A9DBBB2FF8A311F1081A9D41AAB254DF359985CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq
                                                                                                                                  • API String ID: 0-2880895608
                                                                                                                                  • Opcode ID: 683ab88b7be0743dfd30990496101159d5fe80a8530361cd08aa2db308b18c1f
                                                                                                                                  • Instruction ID: 5e1ac32dfa7cec7e2044daaca553af326e21952b23ad1fd7b9a5fba7004b7909
                                                                                                                                  • Opcode Fuzzy Hash: 683ab88b7be0743dfd30990496101159d5fe80a8530361cd08aa2db308b18c1f
                                                                                                                                  • Instruction Fuzzy Hash: CD327E70B002069FEF55DB69D854A6EBBE6FF89304B14846AE506CB3A2CF34DC41CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Figure: control-flow graph starting at node 1079 (6f91584); legend: Executed / Not Executed]
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $cq$$cq$$cq$$cq$$cq$$cq
                                                                                                                                  • API String ID: 0-2877684506
                                                                                                                                  • Opcode ID: 941ff519af025e7cd4cc0d56475fd25226b261cce526831e45cf557da968e8a3
                                                                                                                                  • Instruction ID: a27905d70d65dd39892d6ba79653c37b9183f5b6f814d9b44a909a5cc7ee55b9
                                                                                                                                  • Opcode Fuzzy Hash: 941ff519af025e7cd4cc0d56475fd25226b261cce526831e45cf557da968e8a3
                                                                                                                                  • Instruction Fuzzy Hash: 6DC1D374B002469FEB55DBA8C854A6E7BE6EF89300F11847AE502CB392DF74DC45C7A2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Figure: control-flow graph starting at node 1627 (8565828-8565849); legend: Executed / Not Executed]
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: xgq$xgq
                                                                                                                                  • API String ID: 0-3375353653
                                                                                                                                  • Opcode ID: c2a4be95ce4c2eda342e7635b44e83ecfcc00a37a33ae6690d94e8b65efe05f1
                                                                                                                                  • Instruction ID: 0be57b6ba53fa3766a15607e83e8debfb76f17a40aad17aaca0377d89edaf15b
                                                                                                                                  • Opcode Fuzzy Hash: c2a4be95ce4c2eda342e7635b44e83ecfcc00a37a33ae6690d94e8b65efe05f1
                                                                                                                                  • Instruction Fuzzy Hash: C7416A746003058BC715EB38DA5456E7BA3FFC0311721896DE5428F396EE79AD9ACBC0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Figure: control-flow graph starting at node 1681 (856581a-8565849); legend: Executed / Not Executed]
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: xgq$xgq
                                                                                                                                  • API String ID: 0-3375353653
                                                                                                                                  • Opcode ID: ff66e7d51cc1d2e6b4812a6efe0fbe93fdc28505f90df1e492e1eeedc7ea74be
                                                                                                                                  • Instruction ID: d182b63de07b8531440a1734a7fba37c2701df69d718b778951f1e248ffc6e7f
                                                                                                                                  • Opcode Fuzzy Hash: ff66e7d51cc1d2e6b4812a6efe0fbe93fdc28505f90df1e492e1eeedc7ea74be
                                                                                                                                  • Instruction Fuzzy Hash: E6415B746003068BC715EB34DA545AE7BB2FFC03157218E6DE5428F352EE79A99ACBC0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 032759F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243347093.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_3270000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  • Opcode ID: 137bb11de8d2ccb23f232e234ffc39e63747822109cfa4bf3d37feb0eec2cd74
                                                                                                                                  • Instruction ID: 55837c617687dd463331ca9d58c271cbf320a9db5e56f2b90790d0b98fbd1b56
                                                                                                                                  • Opcode Fuzzy Hash: 137bb11de8d2ccb23f232e234ffc39e63747822109cfa4bf3d37feb0eec2cd74
                                                                                                                                  • Instruction Fuzzy Hash: CF41B0B0D10629CEDB24DFA9C884ACDFBB5FF49304F24806AD418AB251DB756989CF91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 032759F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243347093.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_3270000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  • Opcode ID: 230fb63d64967c44e4e6febc59e291601fac1ce468269504d4456d523d350824
                                                                                                                                  • Instruction ID: f8ce900ffd5b58167d6396c11ac251df778930abf48c93e40bc5d74ddce3867c
                                                                                                                                  • Opcode Fuzzy Hash: 230fb63d64967c44e4e6febc59e291601fac1ce468269504d4456d523d350824
                                                                                                                                  • Instruction Fuzzy Hash: F341D0B0D10719CADB24DFA9C884B8DFBB5FF49304F20806AD408AB251DBB56989CF91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0327D04E,?,?,?,?,?), ref: 0327D10F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243347093.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_3270000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  • Opcode ID: 6fccf3d075382bfec33b96bfedb8d7c0838cd867cbb0186a1f8a32ccb1d43799
                                                                                                                                  • Instruction ID: 4e2b6758f25da56455e8756d72fd7b4bfb4f205000c78fda78a4317e40ac1b40
                                                                                                                                  • Opcode Fuzzy Hash: 6fccf3d075382bfec33b96bfedb8d7c0838cd867cbb0186a1f8a32ccb1d43799
                                                                                                                                  • Instruction Fuzzy Hash: 2621E3B5D10249AFDB10CF9AD884ADEFBF8FB48310F14841AE918A3310D378A954CFA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0327D04E,?,?,?,?,?), ref: 0327D10F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243347093.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_3270000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  • Opcode ID: 704eb357b8826e53aeeff383819835200d894bc1ef9706736ce79e112d513d3f
                                                                                                                                  • Instruction ID: 0ba65a052c8cb82cdf70597db26bfe871939687c56f451454fa7629673be807e
                                                                                                                                  • Opcode Fuzzy Hash: 704eb357b8826e53aeeff383819835200d894bc1ef9706736ce79e112d513d3f
                                                                                                                                  • Instruction Fuzzy Hash: A321E4B5D002499FDB10CFA9D885ADEFBF4FB48310F14841AE918A7310D378A954CFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a9985d1cc637d2bf07d9d0656e28124846084110366f4521aaa6a976a0ed2fe9
                                                                                                                                  • Instruction ID: a9504e2a5c6f4b76b3680315d96fe9aa47d39a27ab9cbbcd78ec861f8610322d
                                                                                                                                  • Opcode Fuzzy Hash: a9985d1cc637d2bf07d9d0656e28124846084110366f4521aaa6a976a0ed2fe9
                                                                                                                                  • Instruction Fuzzy Hash: 2BC26170B101199FCB54DF68C895AEEBBB6FF88700F10809AE506AB3A5DB719E41CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,gq
                                                                                                                                  • API String ID: 0-3993090981
                                                                                                                                  • Opcode ID: 02344c2f3573e23c9dd2807ef52a1b890e94c23d45b8230a39b4402f8eff35a6
                                                                                                                                  • Instruction ID: fbe12369d9d19545564e869cf968aecbbdcda033b6f792ac952a452511d5d8c5
                                                                                                                                  • Opcode Fuzzy Hash: 02344c2f3573e23c9dd2807ef52a1b890e94c23d45b8230a39b4402f8eff35a6
                                                                                                                                  • Instruction Fuzzy Hash: 63514C34B046008FC398DF29D45492ABBE3BFC931072599A8F506CF3A9DA34EC41CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,gq
                                                                                                                                  • API String ID: 0-3993090981
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'cq
                                                                                                                                  • API String ID: 0-182294849
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'cq
                                                                                                                                  • API String ID: 0-182294849
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'cq
                                                                                                                                  • API String ID: 0-182294849
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'cq
                                                                                                                                  • API String ID: 0-182294849
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'cq
                                                                                                                                  • API String ID: 0-182294849
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0044D5C3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2240826384.0000000000441000.00000040.00000001.01000000.0000000B.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                  • Associated: 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240826384.0000000000421000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240826384.0000000000426000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_270000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266608642.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6f90000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2240826384.00000000002E0000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                  • Associated: 00000005.00000002.2240731577.0000000000270000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240762275.0000000000272000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240826384.0000000000421000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240826384.0000000000426000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240826384.0000000000441000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  • Associated: 00000005.00000002.2240826384.0000000000560000.00000040.00000001.01000000.0000000B.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_270000_feswa.jbxd
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 142b4c9908041a53d9fc16e0e36f5354ff45304c304a648c54649ed4910088d1
                                                                                                                                  • Instruction ID: 1f67be6e12e8753f2aa0d6627a26951a3c1baecf3a51fcf5d727b7ecfbba2ae9
                                                                                                                                  • Opcode Fuzzy Hash: 142b4c9908041a53d9fc16e0e36f5354ff45304c304a648c54649ed4910088d1
                                                                                                                                  • Instruction Fuzzy Hash: 9D1121327103008FD320CB6DE814F927BE5EB82320F14C66AF655CF6A2C7A0E816DB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ad23a2f592ad76b56b7d19513d9cb0c312328f6ea08e98d2bc95678cb65e8739
                                                                                                                                  • Instruction ID: b007a55b9c704ddf7aeb99722b73b536d29e4781d8f16a3b741487eaf1185b05
                                                                                                                                  • Opcode Fuzzy Hash: ad23a2f592ad76b56b7d19513d9cb0c312328f6ea08e98d2bc95678cb65e8739
                                                                                                                                  • Instruction Fuzzy Hash: 7D112976404240CFCB15CF00D6C4B26FFB1FB94314F28C6A9D8090B616C33AD466DBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9737f9bcfc5d0077022776bb21fdc616f79997299e0a6a26986b42f4c1a4e2c3
                                                                                                                                  • Instruction ID: 77c679c2f377cd1d7a75928b5af64e7b2c8dd817fe2c3dc18104f4838f4572c2
                                                                                                                                  • Opcode Fuzzy Hash: 9737f9bcfc5d0077022776bb21fdc616f79997299e0a6a26986b42f4c1a4e2c3
                                                                                                                                  • Instruction Fuzzy Hash: 231134B5C002898FDB10CF9AD444ADEFBF4EF89324F15852AD419A7710D374A545CFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 449ba44423a9f7b35255ef681d4e44f51c0f3ed8a51b256784fd4ce4a9029ca8
                                                                                                                                  • Instruction ID: 4ad35ae6effbbe7e56ca1be59611e8f8dfea5ef0a1ccca689b8a01d94ebfd5eb
                                                                                                                                  • Opcode Fuzzy Hash: 449ba44423a9f7b35255ef681d4e44f51c0f3ed8a51b256784fd4ce4a9029ca8
                                                                                                                                  • Instruction Fuzzy Hash: 3B017175B001199BDF10DAA9AC44AAFB7FAFBC8651F144036E614D3240DB71991587A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d36eb29ec33de4a25cc9257b5f514bc640ddd200cc9c211cb230dcdf50f22131
                                                                                                                                  • Instruction ID: 0ce87983ce053d9f0749f978bbb61eb5de0877c030c7de5868431a4edebd0d44
                                                                                                                                  • Opcode Fuzzy Hash: d36eb29ec33de4a25cc9257b5f514bc640ddd200cc9c211cb230dcdf50f22131
                                                                                                                                  • Instruction Fuzzy Hash: 4001C4B92047048FD315EF65E50826A3BE3EFC5311B20CA2AE0478B651CFB89C4A8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 54aff808f5cccd72fb51c08a1c9cb1f467d8c92417c7d1ff0f528cd004302064
                                                                                                                                  • Instruction ID: 7b962624d65a3f99b8ac44e0134441c5e5226aab77179dcf953e8adf2da2faaa
                                                                                                                                  • Opcode Fuzzy Hash: 54aff808f5cccd72fb51c08a1c9cb1f467d8c92417c7d1ff0f528cd004302064
                                                                                                                                  • Instruction Fuzzy Hash: 000124B9210206DFC3C5E778ED1057E7BE3EFC0260754482DE2468BA20DE787D8A8780
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2243063943.000000000321D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0321D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_321d000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c61e462d80963ae044cdb75e2f76f7fab4ca95d5b8495e8627afbf8b7875e019
                                                                                                                                  • Instruction ID: 7dcbd286a7048f5928b165ad0a81034ae145c6f7938accc43abd8e6242f5951b
                                                                                                                                  • Opcode Fuzzy Hash: c61e462d80963ae044cdb75e2f76f7fab4ca95d5b8495e8627afbf8b7875e019
                                                                                                                                  • Instruction Fuzzy Hash: 1E01F771414301EAE710CA19DEC4737FFE8DF61320F1CC55AED0A4A246C3789984C671
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90cdaaf0b34c462526c761dfaa22c0653182aff635db75660292b0a1ada23955
                                                                                                                                  • Instruction ID: 0aa3a1cffedd9423b7e347d376ed71ec93f64b373a88f564802f442b925e934e
                                                                                                                                  • Opcode Fuzzy Hash: 90cdaaf0b34c462526c761dfaa22c0653182aff635db75660292b0a1ada23955
                                                                                                                                  • Instruction Fuzzy Hash: 510126346083089FC741EF74D8104A93FB6EF8631071088E9E405CB662EA36DD11CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2274262041.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_8560000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 08971a17ba71eacba086a5a2008763e0788b9062ed62bdfb756208093bcede49
                                                                                                                                  • Instruction ID: 79ba9476de44ca319fa17696a2c193ee943f2f6dae889f8453e12b89884b606f
                                                                                                                                  • Opcode Fuzzy Hash: 08971a17ba71eacba086a5a2008763e0788b9062ed62bdfb756208093bcede49
                                                                                                                                  • Instruction Fuzzy Hash: 741115B5C0064ACFDB24CF99D584BEEBFF0EB48324F20816AD559A3600C3796545CFA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1cc2efdc038bd57131dbfa58c680deeae824820804a84ede24ca4b1fadcc617c
                                                                                                                                  • Instruction ID: 5ce65396aa4ad9069efc5b37138dfeee1785a43acfe2932fbcce93e1a1fbd2be
                                                                                                                                  • Opcode Fuzzy Hash: 1cc2efdc038bd57131dbfa58c680deeae824820804a84ede24ca4b1fadcc617c
                                                                                                                                  • Instruction Fuzzy Hash: 78018631E11302CFD7A59E3EA8045A7B7F7BF8420E714982DE44786504DA79E480CF95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6e7f1b122b81eeb2333f2a07205a62276b05c65e6e232821cf6ea728d6074f91
                                                                                                                                  • Instruction ID: 25d121fd0e61fe7ccc14919b6cb5f01ff74a7e77b2bfc463481e574e7ffd0d02
                                                                                                                                  • Opcode Fuzzy Hash: 6e7f1b122b81eeb2333f2a07205a62276b05c65e6e232821cf6ea728d6074f91
                                                                                                                                  • Instruction Fuzzy Hash: 330175B82003058FD315EF65D50465A7BE3FFC9315B208A2DE54787745CFB8AC498B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2bf4fb55889918d2c714b661f52c860fe87a7ac78b05c4465695dd0803cdd17c
                                                                                                                                  • Instruction ID: 4d7ed628ae30d18afef52586de66856b8b78a6d2dee772f81c4898fad45e49b2
                                                                                                                                  • Opcode Fuzzy Hash: 2bf4fb55889918d2c714b661f52c860fe87a7ac78b05c4465695dd0803cdd17c
                                                                                                                                  • Instruction Fuzzy Hash: 870125B8C09259DFCB41DFA9D9446EEBFB5AB49300F1051AAE465A3341D7340B44CFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 83323daebac8b6d686243243ac9523a7acdc0cc7ea69e02bccd475302ef51d87
                                                                                                                                  • Instruction ID: db246947c6e7944b3614f1403d966f430e3b882cf27d0dbc09d9eb9b63b22410
                                                                                                                                  • Opcode Fuzzy Hash: 83323daebac8b6d686243243ac9523a7acdc0cc7ea69e02bccd475302ef51d87
                                                                                                                                  • Instruction Fuzzy Hash: 58E06DB250D300AFD345DA24AC09C97BBE9EBA2220B15886EF444C7144E631D841C7A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fd061f9eb0832d806a746c2d8736bba0356e6610115388de27cb1445d0c7d249
                                                                                                                                  • Instruction ID: 3a3309f6189637e411954f0471bee480680e408ee7786d6a5fa50ca179ea8d00
                                                                                                                                  • Opcode Fuzzy Hash: fd061f9eb0832d806a746c2d8736bba0356e6610115388de27cb1445d0c7d249
                                                                                                                                  • Instruction Fuzzy Hash: 19E0487A2096905FC752DA16F4007E93BA1D785230B1186ABD0808FA55CB381D4997D2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7eb88bcdf70665ec0f116ee6dd39ea486d5f6c0ba0670b1aa6907feb6ae115ea
                                                                                                                                  • Instruction ID: a5371364832ab9ae76c56c1b6f7dd6a5d96d65bc8d331484aa144313db211c6b
                                                                                                                                  • Opcode Fuzzy Hash: 7eb88bcdf70665ec0f116ee6dd39ea486d5f6c0ba0670b1aa6907feb6ae115ea
                                                                                                                                  • Instruction Fuzzy Hash: F3F09A74501B05CFD765DF66E5495A2BBF2FB88300700862EE84B82A10DFB8A94ACF94
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6fe8f564c48176b42aaf31bb02fa025d7c3e9c45ff1ab4b8c3768a18fb3b4690
                                                                                                                                  • Instruction ID: b41313af923599a29769a0b1bc73526cdedf0ac8af4a6ce11750ff3386086648
                                                                                                                                  • Opcode Fuzzy Hash: 6fe8f564c48176b42aaf31bb02fa025d7c3e9c45ff1ab4b8c3768a18fb3b4690
                                                                                                                                  • Instruction Fuzzy Hash: 44F01575E0420CBFCB41DFB4E9458DDBBB8EB08300F1042A6E809E2240EA345B459B92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7de9f6f687b79040e7c5d4852711ab3750061d8937dd14bc49232f593e470ee5
                                                                                                                                  • Instruction ID: fab385a3bd5f732eff0f32164acb7d2bdd01940ea318a5213de6a5cdb16c4123
                                                                                                                                  • Opcode Fuzzy Hash: 7de9f6f687b79040e7c5d4852711ab3750061d8937dd14bc49232f593e470ee5
                                                                                                                                  • Instruction Fuzzy Hash: 91E0DF7D10A3C0BFC752E721B4026E93FA2DB42220B01C4AEE8808FA01C73C4D8583D2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fbcb8f31b7126931ef425320fc139c89d8a83b9206b2416e4c3a738f7cc6185f
                                                                                                                                  • Instruction ID: b4d3b7347b4e3fa4fa3fe9182a6bc797bd209eb7d2d8e367fc30175793db13c0
                                                                                                                                  • Opcode Fuzzy Hash: fbcb8f31b7126931ef425320fc139c89d8a83b9206b2416e4c3a738f7cc6185f
                                                                                                                                  • Instruction Fuzzy Hash: DDE0E5742007554FC311E72DE40979F7FE6DF81314F04086EE14687602CBA96C058791
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 300018cb8f0472ef11c565610fc247a17f87c5453809008590206a22596b6a5e
                                                                                                                                  • Instruction ID: 8ee611c910ad5815098245ea2fd07b803657d227a3bf0f2c7be63f6e2f137966
                                                                                                                                  • Opcode Fuzzy Hash: 300018cb8f0472ef11c565610fc247a17f87c5453809008590206a22596b6a5e
                                                                                                                                  • Instruction Fuzzy Hash: 20E0123E21C2449FD702DB55E8418E53F75FF8A62034490C6F5418F572C622AD25DBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4394781348bd166042b93105394f8264095e31028134052f9d83a89d758f7126
                                                                                                                                  • Instruction ID: 407cf5998baa902ab1c27b9e7befb1d9bbef7af033b27d0aaf8df9fbe328f3b9
                                                                                                                                  • Opcode Fuzzy Hash: 4394781348bd166042b93105394f8264095e31028134052f9d83a89d758f7126
                                                                                                                                  • Instruction Fuzzy Hash: 90E0D87D504785AFC701E625F9557D43BA1F749314B01806ED4004F9A1CB6C0E8ADBC1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ce37f1abace5d5beea7f2032ae08478eff119ebeaa476dfaa50d19b177ef5f72
                                                                                                                                  • Instruction ID: 972d4b45af4296bc6cfb2f062d7d764a745abc74065c04d5726469ee21e5aed4
                                                                                                                                  • Opcode Fuzzy Hash: ce37f1abace5d5beea7f2032ae08478eff119ebeaa476dfaa50d19b177ef5f72
                                                                                                                                  • Instruction Fuzzy Hash: 1BE09AB5A44208FFCB41CF64A84069D3BB2DB82200B2081DAE808DB251D6740F548792
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a6640a252f6f2918df9abdae1bf4b2d1b5a34e4724a540c148aeee81713844e5
                                                                                                                                  • Instruction ID: 8897bcba21182b65ea1c5d652e5319c3128ffc27b629bedd24641aa356d1a4f6
                                                                                                                                  • Opcode Fuzzy Hash: a6640a252f6f2918df9abdae1bf4b2d1b5a34e4724a540c148aeee81713844e5
                                                                                                                                  • Instruction Fuzzy Hash: 3FD02B7131011867C605732CB4184AE3BEADBC4231304402EF50AC3200CF682D0143D6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6f6a982d566e8017d327239c30c8a1dba7458b77df0776ebfc575245276afe1c
                                                                                                                                  • Instruction ID: 6daec66472c3474c7afaf1799e684eeb2bd46848accd0a6b9f15e98296bcb3e9
                                                                                                                                  • Opcode Fuzzy Hash: 6f6a982d566e8017d327239c30c8a1dba7458b77df0776ebfc575245276afe1c
                                                                                                                                  • Instruction Fuzzy Hash: F6E09A75E0020CEFCB40DFE4D5458DDBBB9EB48200F1082A6D805A3200EB345B55DF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 74f8d7d8da908ee83c0e1c061a1aa32441acac8c4808c193e6d52d5ad0759668
                                                                                                                                  • Instruction ID: 68c06aca260ab87532347964e26d35e86a26ff113fe26f0637084ddc299a65e5
                                                                                                                                  • Opcode Fuzzy Hash: 74f8d7d8da908ee83c0e1c061a1aa32441acac8c4808c193e6d52d5ad0759668
                                                                                                                                  • Instruction Fuzzy Hash: 37D05E3160071647CA14A66AE844896B7DBDF882213008969A90A8B551DE64E84187C4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2266643164.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6fb0000_feswa.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7d061a35a155c4e24247a1f830711f6df686cad7e1e0031d13bcc3d5dd9cd0be
                                                                                                                                  • Instruction ID: dfb6e3a9a4610bb50ff0359dfdcbf8926922ab8ba5dc4a68dc5539c0410fa11a
                                                                                                                                  • Opcode Fuzzy Hash: 7d061a35a155c4e24247a1f830711f6df686cad7e1e0031d13bcc3d5dd9cd0be
                                                                                                                                  • Instruction Fuzzy Hash: F0D05BB5A0020CFFCB40DFA8E90159D77F5DB44214F2085EDD408D7200DB712F509791
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%
