Windows Analysis Report
ReefMasterSonarViewer1.1.42.exe

Overview

General Information

Sample name: ReefMasterSonarViewer1.1.42.exe
Analysis ID: 1431860
MD5: c62866600614868da4941c5346ff120a
SHA1: ed20d35ef4551846302185f94275553b2f3c85a3
SHA256: 0575af1327f2ad125653e40d15abde6dbabb9de5e628fa674c122f95a6c1c55a

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 48
Range: 0 - 100

Signatures

Snort IDS alert for network traffic
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Analysis Advice

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
  • System is w10x64native
  • ReefMasterSonarViewer1.1.42.exe (PID: 3408 cmdline: "C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" MD5: C62866600614868DA4941C5346FF120A)
    • ReefMasterSonarViewer1.1.42.exe (PID: 8648 cmdline: "C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" /i "C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReefMaster Sonar Viewer" APPDIR="C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer" SECONDSEQUENCE="1" CLIENTPROCESSID="3408" CHAINERUIPROCESSID="3408Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_FOUND_PREREQS=".NET Framework 4.5" AI_DETECTED_DOTNET_VERSION="4.8" AI_SETUPEXEPATH="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1714054620 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" TARGETDIR="C:\" AI_INSTALL="1" MD5: C62866600614868DA4941C5346FF120A)
  • msiexec.exe (PID: 4588 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7556 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 814FD75CA49A0CAF6F4632D049971993 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8832 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 775B6AE01A687B1CA3B58C881C9C64E9 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • ReefMasterSonarViewer.exe (PID: 9152 cmdline: "C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe" MD5: F9102FCEA8DC399EB9AE26DDA815D0C9)
    • sonarviewer_updater.exe (PID: 6900 cmdline: "C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe" /justcheck MD5: B797EC561F9F0576F7E55415B67CA62D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp: 04/25/24-22:06:57.533542
SID: 2834928
Source Port: 50378
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15595608 GetModuleHandleA,GetProcAddress,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,CertOpenStore,GetLastError,CryptStringToBinaryW,CertFindCertificateInStore,CertCloseStore,CertFreeCertificateContext,CertFreeCertificateContext,14_2_00007FFD15595608
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15563D78 CryptGenRandom,14_2_00007FFD15563D78
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15563A54 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,14_2_00007FFD15563A54
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15597650 CryptHashData,14_2_00007FFD15597650
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15597604 CryptAcquireContextW,CryptCreateHash,14_2_00007FFD15597604
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15597660 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,14_2_00007FFD15597660
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15563D20 CryptReleaseContext,14_2_00007FFD15563D20
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD155A2838 GetLastError,CreateFileW,GetLastError,GetFileSizeEx,GetLastError,ReadFile,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,GetLastError,CloseHandle,14_2_00007FFD155A2838
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15594870 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,14_2_00007FFD15594870
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD15594934 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,14_2_00007FFD15594934
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD155A2BD4 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,14_2_00007FFD155A2BD4
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: -----BEGIN PUBLIC KEY-----14_2_00007FFD15581CC8
Source: ReefMasterSonarViewer.exeBinary or memory string: -----BEGIN PUBLIC KEY-----

Compliance

Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 45.33.71.201:443 -> 192.168.11.20:50383 version: TLS 1.2
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wininet.pdb source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149766463670.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149953380192.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Wyatt\Documents\Visual Studio 2005\Projects\limelm-native-clients\bin64\Release\TurboActivateLib.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\ExternalUICleaner.pdb, source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb\ source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.DXGI.pdbw source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027384088.000002A45F872000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\ExternalUICleaner.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdbl source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: ReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.dr
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D9.pdb$k source: SharpDX.Direct3D9.dll.6.dr
Source: Binary string: lease\custact\x86\AICustAct.pdb source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053688162.0000000006505000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150085724522.0000000006514000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150089288030.0000000006515000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150083019662.000000000650C000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082522881.0000000006505000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D9.pdb source: SharpDX.Direct3D9.dll.6.dr
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D11.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151018158616.000002A45E9D2000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdbi source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: D3DCompiler_43.pdb source: ReefMasterSonarViewer.exe, ReefMasterSonarViewer.exe, 0000000E.00000002.151034554218.00007FFD166C1000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.DXGI.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027384088.000002A45F872000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.D3DCompiler.pdb source: SharpDX.D3DCompiler.dll.6.dr
Source: Binary string: wininet.pdbUGP source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149766463670.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149953380192.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D11.pdb$ source: ReefMasterSonarViewer.exe, 0000000E.00000002.151018158616.000002A45E9D2000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: c:\Products\WpfRibbonBuild\SourceCode\trunk\DevComponents.WPF.Controls\obj\Release\DevComponents.WPF.Controls.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151019455565.000002A45EC72000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: c:\Users\Matthew\Documents\Dev\Gong\gong-wpf-dragdrop-master\GongSolutions.Wpf.DragDrop\obj\Debug\GongSolutions.Wpf.DragDrop.pdbD source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027243378.000002A45F6D2000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151018551009.000002A45EA62000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: c:\Users\Matthew\Documents\Dev\Gong\gong-wpf-dragdrop-master\GongSolutions.Wpf.DragDrop\obj\Debug\GongSolutions.Wpf.DragDrop.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027243378.000002A45F6D2000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D3DCompiler_43.pdbH source: ReefMasterSonarViewer.exe, 0000000E.00000002.151034554218.00007FFD166C1000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\lzmaextractor.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbg source: ReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.dr
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Updater.pdb source: sonarviewer_updater.exe, 0000000F.00000002.150116550309.0000000000E3B000.00000002.00000001.01000000.0000000D.sdmp, sonarviewer_updater.exe, 0000000F.00000000.150093611695.0000000000E3B000.00000002.00000001.01000000.0000000D.sdmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: z:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: x:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: v:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: t:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: r:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: p:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: n:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: l:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: j:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: h:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: f:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: d:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: b:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: y:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: w:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: u:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: s:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: q:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: o:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: m:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: k:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: i:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: g:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: e:
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe File opened: c:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File opened: a:
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E4A3A0 FindFirstFileW,GetLastError,FindClose,5_2_00E4A3A0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E52810 FindFirstFileW,FindClose,FindClose,5_2_00E52810
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E67100 ReadFile,FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DuplicateHandle,CloseHandle,5_2_00E67100
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E68080 FindFirstFileW,FindClose,5_2_00E68080
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E72050 FindFirstFileW,FindClose,5_2_00E72050
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E749E0 FindFirstFileW,FindClose,5_2_00E749E0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E4EE20 FindFirstFileW,FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,5_2_00E4EE20
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_2_00E4A3A0 FindFirstFileW,GetLastError,FindClose,9_2_00E4A3A0
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD155ED0C0 FindFirstFileExW,14_2_00007FFD155ED0C0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E3ED30 GetLogicalDriveStringsW,5_2_00E3ED30

Networking

Source: Traffic Snort IDS: 2834928 ETPRO MALWARE Observed Suspicious UA (AdvancedInstaller) 192.168.11.20:50378 -> 20.60.80.196:80
Source: Joe Sandbox View JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: global traffic HTTP traffic detected:
    POST /limelm/api/rest/ HTTP/1.1
    Host: wyday.com
    Authorization: Basic Og==
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept: */*
    Accept-Encoding: br
    Content-Length: 782
    Content-Type: application/x-www-form-urlencoded
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD1558F828 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,closesocket,closesocket,closesocket,closesocket,14_2_00007FFD1558F828
Source: ReefMasterSonarViewer1.1.42.exeString found in binary or memory: ALShell32.dllShlwapi.dllbinSoftware\JavaSoft\Java Runtime Environment\Software\JavaSoft\Java Development Kit\JavaHomeFlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comhttp://www.example.comhttp://www.yahoo.comtin9999.tmpTEST.partattachmentHEAD "=charsetfilename123DLDutf-8POSTISO-8859-1utf-16AdvancedInstallerUS-ASCIILocal Network ServerGET*/*FTP ServerRange: bytes=%u- equals www.yahoo.com (Yahoo)
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000000.149752094953.0000000000F37000.00000002.00000001.01000000.00000004.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000002.150010724584.0000000000F37000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: Shell32.dllShlwapi.dllbinSoftware\JavaSoft\Java Runtime Environment\Software\JavaSoft\Java Development Kit\JavaHomeFlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comhttp://www.example.comhttp://www.yahoo.comtin9999.tmpTEST.partattachmentHEAD "=charsetfilename123DLDutf-8POSTISO-8859-1utf-16AdvancedInstallerUS-ASCIILocal Network ServerGET*/*FTP ServerRange: bytes=%u- equals www.yahoo.com (Yahoo)
Source: ReefMasterSonarViewer1.1.42.exeString found in binary or memory: http://www.yahoo.com equals www.yahoo.com (Yahoo)
Source: global traffic DNS traffic detected: DNS query: wyday.com
Source: unknown HTTP traffic detected:
    POST /limelm/api/rest/ HTTP/1.1
    Host: wyday.com
    Authorization: Basic Og==
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept: */*
    Accept-Encoding: br
    Content-Length: 782
    Content-Type: application/x-www-form-urlencoded
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp, TurboActivate.dll.6.drString found in binary or memory: http://.css
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp, TurboActivate.dll.6.drString found in binary or memory: http://.jpg
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082328381.000000000097B000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150087103964.000000000099C000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149763968615.000000000099E000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082716103.000000000097B000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082845986.000000000099A000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053603692.0000000000978000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053420732.0000000000954000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149971177637.0000000000954000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000002.150011223373.0000000001260000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer.exe, 0000000E.00000002.151016938725.000002A45E7E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149971177637.0000000000954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSI28B7.tmp.6.drString found in binary or memory: http://crl.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crl0
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082328381.000000000097B000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150087103964.000000000099C000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149763968615.000000000099E000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082716103.000000000097B000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082845986.000000000099A000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053603692.0000000000978000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053420732.0000000000954000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149971177637.0000000000954000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.150009909403.00000000012F2000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149949641020.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149949749438.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000002.150011601011.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.150009347313.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer.exe, 0000000E.00000002.151016938725.000002A45E7E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: ReefMasterSonarViewer1.1.42.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ReefMasterSonarViewer1.1.42.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150088876344.00000000059A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.usertrust
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ReefMasterSonarViewer;component/controls/applicationsettingscontrol.xaml
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A44656D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ReefMasterSonarViewer;component/controls/datapanel.xaml
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ReefMasterSonarViewer;component/controls/mouseoverpopup.xaml
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ReefMasterSonarViewer;component/controls/quickaccesstoolbar.xaml
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ReefMasterSonarViewer;component/controls/recentfilelistcontrol.xaml
Source: ReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.dr, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
Source: ReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: https://www.thawte.com/cps0/
Source: ReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drString found in binary or memory: https://www.thawte.com/repository0W
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp, ReefMasterSonarViewer.exe, 0000000E.00000002.151022414756.000002A45EF92000.00000004.00000020.00020000.00000000.sdmp, TurboActivate.dll.6.drString found in binary or memory: https://wyday.com/limelm/api/rest/
Source: TurboActivate.dll.6.drString found in binary or memory: https://wyday.com/limelm/api/rest/D
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://wyday.com/limelm/api/rest/httpsSignature
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50383
Source: unknown Network traffic detected: HTTP traffic on port 50383 -> 443
Source: unknown HTTPS traffic detected: 45.33.71.201:443 -> 192.168.11.20:50383 version: TLS 1.2
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E2C110 SendMessageW,GetParent,GetParent,GetWindowRect,GetParent,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,MapWindowPoints,FillRect,DeleteDC,SendMessageW,SendMessageW,SendMessageW,5_2_00E2C110
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DF3E80 ShowWindow,ShowWindow,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowDC,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,DeleteDC,GetWindowRect,GetWindowDC,GetWindowDC,DeleteDC,GetWindowDC,GetWindowDC,SendMessageW,DeleteDC,GetSystemMetrics,GetAsyncKeyState,GetWindowDC,TrackMouseEvent,DeleteDC,GetWindowDC,DeleteDC,5_2_00DF3E80
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DEC1F0 NtdllDefWindowProc_W,5_2_00DEC1F0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E34869 SetUnhandledExceptionFilter,NtdllDefWindowProc_W,KiUserCallbackDispatcher,5_2_00E34869
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DFF960 DeleteObject,GetWindowLongW,NtdllDefWindowProc_W,GetClientRect,SendMessageW,5_2_00DFF960
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E87BE0 NtdllDefWindowProc_W,5_2_00E87BE0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DEA2F8 NtdllDefWindowProc_W,SetRectEmpty,5_2_00DEA2F8
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DF2290 NtdllDefWindowProc_W,SetWindowLongW,GetClientRect,GetParent,SetWindowLongW,ShowWindow,5_2_00DF2290
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DBE270 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,GetWindowTextW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,5_2_00DBE270
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DE85C0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,5_2_00DE85C0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E2A590 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,5_2_00E2A590
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DEA8EA NtdllDefWindowProc_W,5_2_00DEA8EA
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E02800 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SendMessageW,SetWindowPos,RedrawWindow,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetDC,GetSysColor,ReleaseDC,5_2_00E02800
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DBE820 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,GetWindowTextW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString,5_2_00DBE820
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E0C960 NtdllDefWindowProc_W,5_2_00E0C960
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DDABC0 CreateWindowExW,NtdllDefWindowProc_W,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowTextLengthW,SendMessageW,ClientToScreen,GetWindowRect,PtInRect,SendMessageW,SendMessageW,SendMessageW,SetTimer,5_2_00DDABC0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E0CBB0 NtdllDefWindowProc_W,GetWindowLongW,SetWindowLongW,GetWindowLongW,SetWindowLongW,5_2_00E0CBB0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DCAD60 KillTimer,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,5_2_00DCAD60
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DC0D00 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,5_2_00DC0D00
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DBEE50 NtdllDefWindowProc_W,GetSysColor,5_2_00DBEE50
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DF3190 NtdllDefWindowProc_W,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowTextLengthW,SendMessageW,ClientToScreen,GetWindowRect,PtInRect,SendMessageW,SendMessageW,SendMessageW,SetTimer,5_2_00DF3190
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DC1320 NtdllDefWindowProc_W,5_2_00DC1320
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DEC1F0 NtdllDefWindowProc_W,9_2_00DEC1F0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DEA2F8 NtdllDefWindowProc_W,9_2_00DEA2F8
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DF2290 NtdllDefWindowProc_W,9_2_00DF2290
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DBE270 NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,NtdllDefWindowProc_W,9_2_00DBE270
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DE85C0 NtdllDefWindowProc_W,9_2_00DE85C0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00E2A590 NtdllDefWindowProc_W,9_2_00E2A590
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DEA8EA NtdllDefWindowProc_W,9_2_00DEA8EA
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00E02800 NtdllDefWindowProc_W,9_2_00E02800
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DBE820 SysFreeString,NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,SysFreeString,NtdllDefWindowProc_W,SysFreeString,9_2_00DBE820
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00E0C960 NtdllDefWindowProc_W,9_2_00E0C960
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DDABC0 NtdllDefWindowProc_W,9_2_00DDABC0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00E0CBB0 NtdllDefWindowProc_W,9_2_00E0CBB0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DCAD60 NtdllDefWindowProc_W,DeleteCriticalSection,9_2_00DCAD60
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DC0D00 NtdllDefWindowProc_W,9_2_00DC0D00
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DBEE50 NtdllDefWindowProc_W,9_2_00DBEE50
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DF3190 NtdllDefWindowProc_W,9_2_00DF3190
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DC1320 NtdllDefWindowProc_W,9_2_00DC1320
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DC18E0 NtdllDefWindowProc_W,9_2_00DC18E0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DE79F0 NtdllDefWindowProc_W,9_2_00DE79F0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DFF960 NtdllDefWindowProc_W,9_2_00DFF960
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DCFC50 NtdllDefWindowProc_W,9_2_00DCFC50
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DC7D10 NtdllDefWindowProc_W,9_2_00DC7D10
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DF3E80 NtdllDefWindowProc_W,NtdllDefWindowProc_W,NtdllDefWindowProc_W,9_2_00DF3E80
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00E07E80 NtdllDefWindowProc_W,9_2_00E07E80
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD155446FC NtFlushProcessWriteBuffers,14_2_00007FFD155446FC
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\1402239.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2371.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI23EF.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI243E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI247E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI24CD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI27FB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{53A352F5-DB53-4EE6-976A-81BBB0A97267}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI28B7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{53A352F5-DB53-4EE6-976A-81BBB0A97267}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{53A352F5-DB53-4EE6-976A-81BBB0A97267}\reefmasterlogo.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\140223b.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI2371.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00DC9CE0 appears 34 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00DB71C0 appears 428 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00E461B0 appears 401 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00DB7920 appears 110 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00DB9230 appears 63 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00DB8250 appears 51 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00DB9860 appears 67 times
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: String function: 00EDC1B5 appears 63 times
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: String function: 00007FFD1551D10C appears 52 times
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: String function: 00007FFD1558637C appears 144 times
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: String function: 00007FFD155209E4 appears 34 times
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: String function: 00007FFD155DF570 appears 49 times
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150084614346.000000000653D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAICustAct.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150089668826.0000000006584000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053347326.0000000006560000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150089467018.000000000653D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAICustAct.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150084107237.0000000006584000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082237170.0000000006560000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAICustAct.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082237170.0000000006560000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082421167.000000000653A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAICustAct.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149766463670.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewininet.dllD vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150089832258.0000000006733000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileNameRe vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150083127641.0000000006583000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.150007036664.00000000039D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileNameReefMasterSonarViewer1.1.42.aiuiP vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149953380192.00000000039D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewininet.dllD vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: OriginalFileNameReefMasterSonarViewer1.1.42.aiuiP vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: OriginalFilenamelzmaextractor.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: OriginalFilenameAICustAct.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: OriginalFilenamePrereq.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: OriginalFilenameExternalUICleaner.dllF vs ReefMasterSonarViewer1.1.42.exe
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: TurboActivate.dll.6.drBinary string: SHA-512SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\ConnectionPnpInstanceIDWQLroot\wmi OR DeviceName="\\DEVICE\\SELECT InstanceName, DeviceName FROM MSNdis_EnumerateAdapter WHERE DeviceName="\\DEVICE\\DeviceName"SELECT InstanceName, NdisPermanentAddress FROM MSNdis_EthernetPermanentAddress WHERE InstanceName="InstanceNameNdisPermanentAddress OR InstanceName="EnableAddressReturnValueWin32_NetworkAdapter.DeviceID="root\StandardCimv2DisableDeviceIDSELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = FALSE OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalMedium = 10SELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "USB\\%" OR PNPDeviceID LIKE "SD\\%" OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%" OR PNPDeviceID LIKE "%BDRV\\%") AND NOT ServiceName LIKE "usbrndis%"PermanentAddressroot\cimv2GUIDSelect Model from Win32_DiskDriveWinmgmtSelect SystemDrive from Win32_OperatingSystemModelASSOCIATORS OF {Win32_LogicalDisk.DeviceID="SystemDriveASSOCIATORS OF {Win32_DiskPartition.DeviceID=""} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLYSelect Model, SerialNumber from Win32_DiskDrive WHERE DeviceID=""} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLYSelect Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOSSerialNumberParallelsVMwareSMBIOSBIOSVersionNameManufacturerVirtualBoxVersionXenProductSelect Product, Manufacturer from Win32_BaseBoardProcessorIdSelect ProcessorId, Name, Manufacturer from Win32_ProcessorCapacitySelect Capacity from Win32_PhysicalMemorySbieDll.dll
Source: classification engine Classification label: sus36.evad.winEXE@11/149@1/2
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00E4DE60 FormatMessageW,GetLastError,9_2_00E4DE60
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E72ED0 GetDiskFreeSpaceExW,5_2_00E72ED0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E5A100 GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle,5_2_00E5A100
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD1552BABC CoCreateInstance,SysAllocString,SysFreeString,CoSetProxyBlanket,SysAllocString,SysAllocString,SysFreeString,SysFreeString,VariantClear,VariantClear,SysAllocString,GetModuleHandleW,GetProcAddress,SysAllocString,VariantClear,VariantClear,SysFreeString,SysFreeString,CoUninitialize,14_2_00007FFD1552BABC
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DB90F0 LoadResource,LockResource,SizeofResource,5_2_00DB90F0
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD1552C484 GetModuleHandleW,GetProcAddress,GetAdaptersInfo,GetAdaptersInfo,RegOpenKeyExA,RegQueryValueExW,RegQueryValueExW,RegCloseKey,CoInitializeEx,CoCreateInstance,SysAllocString,OpenSCManagerW,OpenServiceW,QueryServiceConfigW,GetLastError,LocalAlloc,QueryServiceConfigW,ChangeServiceConfigW,LocalFree,CloseServiceHandle,CloseServiceHandle,CoSetProxyBlanket,SysAllocString,SysFreeString,SysFreeString,SysAllocString,SysFreeString,VariantClear,SysStringLen,VariantClear,SysAllocString,SysFreeString,SysAllocString,VariantClear,SysFreeString,SysAllocString,VariantClear,SysFreeString,SysAllocString,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,SysAllocString,SysFreeString,VariantClear,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,SysAllocString,SysFreeString,VariantClear,VariantClear,SysAllocString,SysFreeString,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,SysAllocString,SysFreeString,SysStringLen,VariantClear,VariantClear,SysFreeString,SysFreeString,CoUninitialize,14_2_00007FFD1552C484
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ReefMaster Software
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File created: C:\Users\user\AppData\Roaming\ReefMaster Software
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Mutant created: NULL
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\8247f3dc-c865-4a80-887e-4fd45a960a00
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File created: C:\Users\user\AppData\Local\Temp\shiD7E2.tmp
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId, Name, Manufacturer from Win32_Processor
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ReefMasterSonarViewer.exe String found in binary or memory: firstbit_hi(i) -> shift/bine/add sequence <| MR.Gen_RequiredTranslate
Source: ReefMasterSonarViewer.exe String found in binary or memory: firstbitlow(i) -> shift/bine/add sequence <| MR.Gen_RequiredTranslate
Source: ReefMasterSonarViewer.exe String found in binary or memory: firstbit_shi(i) -> shift/bine/add sequence <| MR.Gen_RequiredTranslate
Source: ReefMasterSonarViewer.exe String found in binary or memory: countbits(i) -> and/shift/add sequence <| MR.Gen_RequiredTranslate
Source: ReefMasterSonarViewer1.1.42.exeString found in binary or memory: INSERT INTO `` (`Property`, `Order`, `Value`, `Text`) VALUES (?,?,?,?) TEMPORARYComboBoxListBoxSELECT * FROM `%s` WHERE `Property`='%s' AND `Value`='%s'SELECT * FROM `%s` WHERE `Property`='%s'Edit[1]SELECT `Message` FROM `Error` WHERE `Error` = %sSELECT `Text` FROM `UIText` WHERE `Key` = '%s'tmpALLUSERS = 1SELECT `Attributes` FROM `Control` WHERE `Dialog_` = '%s' AND `Control` = '%s'WS_BORDERWS_CAPTIONWS_CHILDWS_CHILDWINDOWWS_CLIPCHILDRENWS_CLIPSIBLINGSWS_DISABLEDWS_DLGFRAMEWS_GROUPWS_HSCROLLWS_ICONICWS_SIZEBOXWS_SYSMENUWS_TABSTOPWS_THICKFRAMEWS_VISIBLEWS_VSCROLLWS_MAXIMIZEBOXWS_MAXIMIZEWS_MINIMIZEBOXWS_MINIMIZEWS_OVERLAPPEDWINDOWWS_OVERLAPPEDWS_POPUPWINDOWWS_POPUPWS_TILEDWINDOWWS_TILEDWS_EX_ACCEPTFILESWS_EX_APPWINDOWWS_EX_CLIENTEDGEWS_EX_CONTEXTHELPWS_EX_CONTROLPARENTWS_EX_DLGMODALFRAMEWS_EX_LEFTWS_EX_LEFTSCROLLBARWS_EX_LTRREADINGWS_EX_MDICHILDWS_EX_NOPARENTNOTIFYWS_EX_OVERLAPPEDWINDOWWS_EX_PALETTEWINDOWWS_EX_RTLREADINGWS_EX_STATICEDGEWS_EX_TOOLWINDOWWS_EX_TOPMOSTWS_EX_TRANSPARENTWS_EX_WINDOWEDGEWS_EX_RIGHTSCROLLBARWS_EX_RIGHTWS_EX_LAYEREDWS_EX_NOACTIVATEWS_EX_NOINHERITLAYOUTWS_EX_LAYOUTRTLWS_EX_COMPOSITEDWS_EXAI_TRIAL_MESSAGE_BODYAI_MSM_TRIAL_MESSAGE_BODYAI_APP_FILEAI_README_FILEAI_APP_ARGSAI_RUN_AS_ADMINMsiLogFileLocation[ProgramFilesFolder][LocalAppDataFolder]Programs\[ProgramFiles64Folder][CommonFilesFolder][LocalAppDataFolder]Programs\Common\[CommonFiles64Folder][AI_ProgramFiles][WindowsFolder][LocalAppDataFolder][SystemFolder][WindowsVolume][ProgramMenuFolder][DesktopFolder][StartupFolder][TemplateFolder][AdminToolsFolder]MIGRATEFindRelatedProductsMigrateFeatureStatesAI_SETMIXINSTLOCATIONAPPDIRAI_RESTORE_LOCATIONSELECT `ActionProperty` FROM `Upgrade`ProgramMenuFolderAI_SH_INITEDSELECT `Action`,`Target` FROM `CustomAction`SET_APPDIRSET_SHORTCUTDIRSELECT * FROM `Control` WHERE `Dialog_` = 'VerifyReadyDlg' AND `Control` = 'Install'AI_INSTALLPERUSER = 
"0"InstallVerifyReadyDlgSHORTCUTDIRALLUSERS = "2"MSIINSTALLPERUSER = "1"ALLUSERSVersionMsi >= "5.0"2AI_INSTALLPERUSER = "1"MSIINSTALLPERUSERAI_NEWINSTProductLanguageAI_INTANCE_LOCATIONAI_UPGRADENoLanguageVersionStringInstallLocationAI_REPLACE_PRODUCTSAI_Replaced_Versions_ListAI_Upgrade_Replace_Question_YesBackUp_AI_Upgrade_Question_YesAI_Upgrade_Question_YesAI_Upgrade_Replace_Question_NoBackUp_AI_Upgrade_Question_NoAI_Upgrade_Question_NoYesDELETE FROM `Shortcut` WHERE `Shortcut`.`Directory_`='%s'DELETE FROM `IniFile` WHERE `IniFile`.`Section`='InternetShortcut' AND`IniFile`.`DirProperty`='%s'SELECT * FROM `%s`ShortcutIniFileAI_DESKTOP_SH0AI_STARTMENU_SHAI_QUICKLAUNCH_SHAI_STARTUP_SHAI_SHORTCUTSREGNot InstalledDesktopFolderQuickLaunch_DirStartupFolderAI_SH_DIRProductName*.*Riched20.dll -user -machine -quiet -addgroup All_CodeMy_Computer_Zone -url "*" Nothing -name "" -addgroup " FullTrust -remgroup "SELECT `Component` FROM `Component`AI_ARP_SIZEARPPRODUCTICONWindowsFolderAppDataFolderInstallerARP_ICON_PATHMicrosoftAI_BIND_TCP_HOSTAI_SEARCH_TCP_PORTSockErrorAI_PORT_TEST_RESFreePortAI_BIND_TCP
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe File read: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
Source: unknown Process created: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe "C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 814FD75CA49A0CAF6F4632D049971993 C
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeProcess created: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe "C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" /i "C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReefMaster Sonar Viewer" APPDIR="C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer" SECONDSEQUENCE="1" CLIENTPROCESSID="3408" CHAINERUIPROCESSID="3408Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_FOUND_PREREQS=".NET Framework 4.5" AI_DETECTED_DOTNET_VERSION="4.8" AI_SETUPEXEPATH="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1714054620 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" TARGETDIR="C:\" AI_INSTALL="1"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 775B6AE01A687B1CA3B58C881C9C64E9
Source: unknown Process created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe "C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe"
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Process created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe "C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe" /justcheck
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: lpk.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: msisip.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: edgegdi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vss_ps.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edgegdi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: davhlpr.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: lpk.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: msisip.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: riched20.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: usp10.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: msls31.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: mscms.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: windowscodecsext.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: icm32.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dlnashext.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: wpdshext.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: edputil.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: slc.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: sppc.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: amsi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: winsta.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: msctfui.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeSection loaded: d3dcompiler_47.dllJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: version.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: mpr.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: edgegdi.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: riched20.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: msls31.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.ini
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Automated click: Next >
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Automated click: Install
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Automated click: Next >
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Automated click: Next >
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Automated click: Next >
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: certificate valid
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: ReefMasterSonarViewer1.1.42.exe Static file information: File size 24704432 > 1048576
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x186000
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: ReefMasterSonarViewer1.1.42.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wininet.pdb source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149766463670.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149953380192.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Wyatt\Documents\Visual Studio 2005\Projects\limelm-native-clients\bin64\Release\TurboActivateLib.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\ExternalUICleaner.pdb, source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb\ source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.DXGI.pdbw source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027384088.000002A45F872000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\ExternalUICleaner.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdbl source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: ReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.dr
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D9.pdb$k source: SharpDX.Direct3D9.dll.6.dr
Source: Binary string: lease\custact\x86\AICustAct.pdb source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053688162.0000000006505000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150085724522.0000000006514000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150089288030.0000000006515000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150083019662.000000000650C000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082522881.0000000006505000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D9.pdb source: SharpDX.Direct3D9.dll.6.dr
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D11.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151018158616.000002A45E9D2000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdbi source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: D3DCompiler_43.pdb source: ReefMasterSonarViewer.exe, ReefMasterSonarViewer.exe, 0000000E.00000002.151034554218.00007FFD166C1000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.DXGI.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027384088.000002A45F872000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.D3DCompiler.pdb source: SharpDX.D3DCompiler.dll.6.dr
Source: Binary string: wininet.pdbUGP source: ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149766463670.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000003.149953380192.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.Direct3D11.pdb$ source: ReefMasterSonarViewer.exe, 0000000E.00000002.151018158616.000002A45E9D2000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: c:\Products\WpfRibbonBuild\SourceCode\trunk\DevComponents.WPF.Controls\obj\Release\DevComponents.WPF.Controls.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151019455565.000002A45EC72000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: c:\Users\Matthew\Documents\Dev\Gong\gong-wpf-dragdrop-master\GongSolutions.Wpf.DragDrop\obj\Debug\GongSolutions.Wpf.DragDrop.pdbD source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027243378.000002A45F6D2000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Code\SharpDX\Bin\DirectX11-Signed-net40\SharpDX.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151018551009.000002A45EA62000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: c:\Users\Matthew\Documents\Dev\Gong\gong-wpf-dragdrop-master\GongSolutions.Wpf.DragDrop\obj\Debug\GongSolutions.Wpf.DragDrop.pdb source: ReefMasterSonarViewer.exe, 0000000E.00000002.151027243378.000002A45F6D2000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D3DCompiler_43.pdbH source: ReefMasterSonarViewer.exe, 0000000E.00000002.151034554218.00007FFD166C1000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\lzmaextractor.pdb source: ReefMasterSonarViewer1.1.42.exe
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbg source: ReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.dr
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Updater.pdb source: sonarviewer_updater.exe, 0000000F.00000002.150116550309.0000000000E3B000.00000002.00000001.01000000.0000000D.sdmp, sonarviewer_updater.exe, 0000000F.00000000.150093611695.0000000000E3B000.00000002.00000001.01000000.0000000D.sdmp
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ReefMasterSonarViewer1.1.42.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E4DF80 LoadLibraryW,GetProcAddress,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,LoadImageW,FreeLibrary,5_2_00E4DF80
Source: shiD7E2.tmp.5.drStatic PE information: section name: .wpp_sf
Source: shiD7E2.tmp.5.drStatic PE information: section name: .didat
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_3_0091F3C8 push eax; ret 5_3_0091F3C9
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00EDE98C push ecx; ret 5_2_00EDE99F
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E2D2C0 push ecx; mov dword ptr [esp], 3F800000h5_2_00E2D408
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00DC5270 push ecx; mov dword ptr [esp], ecx5_2_00DC5271
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_3_013385B1 push es; ret 9_3_013385B2
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_3_0133847D push es; ret 9_3_0133847E
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_3_01338523 push es; iretd 9_3_0133859C
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_3_013384A5 push es; iretd 9_3_0133859C
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_2_00EDE98C push ecx; ret 9_2_00EDE99F
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_2_00E2D2C0 push ecx; mov dword ptr [esp], 3F800000h9_2_00E2D408
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_2_00DC5270 push ecx; mov dword ptr [esp], ecx9_2_00DC5271
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_2_00E0DB70 push ecx; mov dword ptr [esp], 3F800000h9_2_00E0DC02
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD155E253A push rax; ret 14_2_00007FFD155E253D
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD166C1614 pushfq ; iretd 14_2_00007FFD166C1631
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD166CC344 push rax; ret 14_2_00007FFD166CC371
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B376D0 push ebp; ret 14_2_00007FFCD6B3779A
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B377B1 push ebp; ret 14_2_00007FFCD6B3779A
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B375BC push ebp; ret 14_2_00007FFCD6B3779A
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B342FF push ebp; ret 14_2_00007FFCD6B34302
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B3430F push ebp; ret 14_2_00007FFCD6B34312
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B37947 push ebx; retf 14_2_00007FFCD6B3794A
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6B300BD pushad ; iretd 14_2_00007FFCD6B300C1
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6D22680 pushad ; retf D6D0h14_2_00007FFCD6D22959
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6D2CEF9 push ecx; retf 14_2_00007FFCD6D2CEFC
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6D2D529 pushad ; ret 14_2_00007FFCD6D2D52A
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFCD6D2D4D7 push eax; ret 14_2_00007FFCD6D2D4D8
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\FileDb.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5319.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.Models.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI243E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\GongSolutions.Wpf.DragDrop.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\ProgramData\Caphyon\Advanced Installer\{53A352F5-DB53-4EE6-976A-81BBB0A97267}\ReefMasterSonarViewer1.1.42.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WpfRibbon.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D9.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.ViewModels.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDEE0.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\shi20F1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\x86\D3DCompiler_43.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23EF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSID8BD.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\ExternalUICleaner.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate64.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\lzmaextractor.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDD63.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSID94B.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDDA2.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.aiuiJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDDD2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI24CD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Controls.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Metro.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WpfEditors.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.DXGI.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDE70.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D11.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\shiD7E2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\de\ReefMasterSonarViewer.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\nl\ReefMasterSonarViewer.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI247E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\x64\D3DCompiler_43.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.D3DCompiler.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDE02.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DotSpatial.Positioning.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI27FB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\fr\ReefMasterSonarViewer.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2371.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.FileHandling.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDEC0.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\aicustact.dllJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDF1F.tmpJump to dropped file
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile created: C:\Users\user\AppData\Local\Temp\MSI527C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestoreJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReefMaster Sonar ViewerJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReefMaster Sonar Viewer\ReefMaster Sonar Viewer.lnkJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD155B7218 GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,14_2_00007FFD155B7218
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_5-52165
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Capacity from Win32_PhysicalMemory
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLY
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Model, SerialNumber from Win32_DiskDrive WHERE DeviceID="\\\\.\\PHYSICALDRIVE0"
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_LogicalDisk.DeviceID="C:"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLY
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
Source: TurboActivate.dll.6.drBinary or memory string: SHA-512SYSTEM\CURRENTCONTROLSET\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\%S\CONNECTIONPNPINSTANCEIDWQLROOT\WMI OR DEVICENAME="\\DEVICE\\SELECT INSTANCENAME, DEVICENAME FROM MSNDIS_ENUMERATEADAPTER WHERE DEVICENAME="\\DEVICE\\DEVICENAME"SELECT INSTANCENAME, NDISPERMANENTADDRESS FROM MSNDIS_ETHERNETPERMANENTADDRESS WHERE INSTANCENAME="INSTANCENAMENDISPERMANENTADDRESS OR INSTANCENAME="ENABLEADDRESSRETURNVALUEWIN32_NETWORKADAPTER.DEVICEID="ROOT\STANDARDCIMV2DISABLEDEVICEIDSELECT DEVICEID, PERMANENTADDRESS FROM MSFT_NETADAPTER WHERE (VIRTUAL = FALSE OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%") AND (INTERFACETYPE = 6 OR INTERFACETYPE = 71) AND NOT NDISPHYSICALMEDIUM = 10SELECT GUID, DEVICEID FROM WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER = TRUE AND (PNPDEVICEID LIKE "PCI\\%" OR PNPDEVICEID LIKE "USB\\%" OR PNPDEVICEID LIKE "SD\\%" OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%" OR PNPDEVICEID LIKE "%BDRV\\%") AND NOT SERVICENAME LIKE "USBRNDIS%"PERMANENTADDRESSROOT\CIMV2GUIDSELECT MODEL FROM WIN32_DISKDRIVEWINMGMTSELECT SYSTEMDRIVE FROM WIN32_OPERATINGSYSTEMMODELASSOCIATORS OF {WIN32_LOGICALDISK.DEVICEID="SYSTEMDRIVEASSOCIATORS OF {WIN32_DISKPARTITION.DEVICEID=""} WHERE ASSOCCLASS = WIN32_LOGICALDISKTOPARTITION KEYSONLYSELECT MODEL, SERIALNUMBER FROM WIN32_DISKDRIVE WHERE DEVICEID=""} WHERE ASSOCCLASS = WIN32_DISKDRIVETODISKPARTITION KEYSONLYSELECT NAME, SERIALNUMBER, SMBIOSBIOSVERSION, MANUFACTURER, VERSION FROM WIN32_BIOSSERIALNUMBERPARALLELSVMWARESMBIOSBIOSVERSIONNAMEMANUFACTURERVIRTUALBOXVERSIONXENPRODUCTSELECT PRODUCT, MANUFACTURER FROM WIN32_BASEBOARDPROCESSORIDSELECT PROCESSORID, NAME, MANUFACTURER FROM WIN32_PROCESSORCAPACITYSELECT CAPACITY FROM WIN32_PHYSICALMEMORYSBIEDLL.DLL
Source: ReefMasterSonarViewer.exeBinary or memory string: SBIEDLL.DLL
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: SHA-512SYSTEM\CURRENTCONTROLSET\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\%S\CONNECTIONROOT\WMIWQLPNPINSTANCEID"DEVICENAMESELECT INSTANCENAME, DEVICENAME FROM MSNDIS_ENUMERATEADAPTER WHERE DEVICENAME="\\DEVICE\\ OR DEVICENAME="\\DEVICE\\ OR INSTANCENAME="NDISPERMANENTADDRESSINSTANCENAMESELECT INSTANCENAME, NDISPERMANENTADDRESS FROM MSNDIS_ETHERNETPERMANENTADDRESS WHERE INSTANCENAME="WIN32_NETWORKADAPTER.DEVICEID="RETURNVALUEADDRESSENABLESELECT DEVICEID, PERMANENTADDRESS FROM MSFT_NETADAPTER WHERE (VIRTUAL = FALSE OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%") AND (INTERFACETYPE = 6 OR INTERFACETYPE = 71) AND NOT NDISPHYSICALMEDIUM = 10DEVICEIDDISABLEROOT\STANDARDCIMV2GUIDROOT\CIMV2PERMANENTADDRESSSELECT GUID, DEVICEID FROM WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER = TRUE AND (PNPDEVICEID LIKE "PCI\\%" OR PNPDEVICEID LIKE "USB\\%" OR PNPDEVICEID LIKE "SD\\%" OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%" OR PNPDEVICEID LIKE "%BDRV\\%") AND NOT SERVICENAME LIKE "USBRNDIS%"MODELSELECT SYSTEMDRIVE FROM WIN32_OPERATINGSYSTEMWINMGMTSELECT MODEL FROM WIN32_DISKDRIVE"} WHERE ASSOCCLASS = WIN32_LOGICALDISKTOPARTITION KEYSONLYASSOCIATORS OF {WIN32_DISKPARTITION.DEVICEID="SYSTEMDRIVEASSOCIATORS OF {WIN32_LOGICALDISK.DEVICEID="SERIALNUMBERSELECT NAME, SERIALNUMBER, SMBIOSBIOSVERSION, MANUFACTURER, VERSION FROM WIN32_BIOS"} WHERE ASSOCCLASS = WIN32_DISKDRIVETODISKPARTITION KEYSONLYSELECT MODEL, SERIALNUMBER FROM WIN32_DISKDRIVE WHERE DEVICEID="NAMESMBIOSBIOSVERSIONVMWAREPARALLELSXENVERSIONVIRTUALBOXMANUFACTURERSELECT PROCESSORID, NAME, MANUFACTURER FROM WIN32_PROCESSORPROCESSORIDSELECT PRODUCT, MANUFACTURER FROM WIN32_BASEBOARDPRODUCTSBIEDLL.DLLSELECT CAPACITY FROM WIN32_PHYSICALMEMORYCAPACITY
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeMemory allocated: 2A444690000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeMemory allocated: 2A45DFE0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E5A100 GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle,5_2_00E5A100
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: GetModuleHandleW,GetProcAddress,GetAdaptersInfo,GetAdaptersInfo,RegOpenKeyExA,RegQueryValueExW,RegQueryValueExW,RegCloseKey,CoInitializeEx,CoCreateInstance,SysAllocString,OpenSCManagerW,OpenServiceW,QueryServiceConfigW,GetLastError,LocalAlloc,QueryServiceConfigW,ChangeServiceConfigW,LocalFree,CloseServiceHandle,CloseServiceHandle,CoSetProxyBlanket,SysAllocString,SysFreeString,SysFreeString,SysAllocString,SysFreeString,VariantClear,SysStringLen,VariantClear,SysAllocString,SysFreeString,SysAllocString,VariantClear,SysFreeString,SysAllocString,VariantClear,SysFreeString,SysAllocString,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,SysAllocString,SysFreeString,VariantClear,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,SysAllocString,SysFreeString,VariantClear,VariantClear,SysAllocString,SysFreeString,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,SysAllocString,SysFreeString,SysStringLen,VariantClear,VariantClear,SysFreeString,SysFreeString,CoUninitialize,14_2_00007FFD1552C484
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWindow / User API: threadDelayed 9961
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\FileDb.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5319.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.Models.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI243E.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\ProgramData\Caphyon\Advanced Installer\{53A352F5-DB53-4EE6-976A-81BBB0A97267}\ReefMasterSonarViewer1.1.42.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\GongSolutions.Wpf.DragDrop.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.Core.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WpfRibbon.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D9.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.ViewModels.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDEE0.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi20F1.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI23EF.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\x86\D3DCompiler_43.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID8BD.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\ExternalUICleaner.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate64.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\lzmaextractor.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDD63.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID94B.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDDA2.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.aiui
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDDD2.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI24CD.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Controls.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Metro.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WpfEditors.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDE70.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D11.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiD7E2.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\de\ReefMasterSonarViewer.resources.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\nl\ReefMasterSonarViewer.resources.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI247E.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\x64\D3DCompiler_43.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.D3DCompiler.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDE02.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DotSpatial.Positioning.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI27FB.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\fr\ReefMasterSonarViewer.resources.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2371.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.FileHandling.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDEC0.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDF1F.tmp
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\aicustact.dll
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI527C.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.dll
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeAPI coverage: 6.9 %
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe TID: 1220Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOS
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Product, Manufacturer from Win32_BaseBoard
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId, Name, Manufacturer from Win32_Processor
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile Volume queried: C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install FullSizeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E4A3A0 FindFirstFileW,GetLastError,FindClose,5_2_00E4A3A0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E52810 FindFirstFileW,FindClose,FindClose,5_2_00E52810
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E67100 ReadFile,FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DuplicateHandle,CloseHandle,5_2_00E67100
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E68080 FindFirstFileW,FindClose,5_2_00E68080
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E72050 FindFirstFileW,FindClose,5_2_00E72050
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E749E0 FindFirstFileW,FindClose,5_2_00E749E0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 5_2_00E4EE20 FindFirstFileW,FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,5_2_00E4EE20
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exeCode function: 9_2_00E4A3A0 FindFirstFileW,GetLastError,FindClose,9_2_00E4A3A0
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exeCode function: 14_2_00007FFD155ED0C0 FindFirstFileExW,14_2_00007FFD155ED0C0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E3ED30 GetLogicalDriveStringsW,5_2_00E3ED30
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E3BD00 GetProcAddress,GetCurrentProcess,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,5_2_00E3BD00
Source: TurboActivate.dll.6.dr Binary or memory string: SHA-512SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\ConnectionPnpInstanceIDWQLroot\wmi OR DeviceName="\\DEVICE\\SELECT InstanceName, DeviceName FROM MSNdis_EnumerateAdapter WHERE DeviceName="\\DEVICE\\DeviceName"SELECT InstanceName, NdisPermanentAddress FROM MSNdis_EthernetPermanentAddress WHERE InstanceName="InstanceNameNdisPermanentAddress OR InstanceName="EnableAddressReturnValueWin32_NetworkAdapter.DeviceID="root\StandardCimv2DisableDeviceIDSELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = FALSE OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalMedium = 10SELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "USB\\%" OR PNPDeviceID LIKE "SD\\%" OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%" OR PNPDeviceID LIKE "%BDRV\\%") AND NOT ServiceName LIKE "usbrndis%"PermanentAddressroot\cimv2GUIDSelect Model from Win32_DiskDriveWinmgmtSelect SystemDrive from Win32_OperatingSystemModelASSOCIATORS OF {Win32_LogicalDisk.DeviceID="SystemDriveASSOCIATORS OF {Win32_DiskPartition.DeviceID=""} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLYSelect Model, SerialNumber from Win32_DiskDrive WHERE DeviceID=""} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLYSelect Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOSSerialNumberParallelsVMwareSMBIOSBIOSVersionNameManufacturerVirtualBoxVersionXenProductSelect Product, Manufacturer from Win32_BaseBoardProcessorIdSelect ProcessorId, Name, Manufacturer from Win32_ProcessorCapacitySelect Capacity from Win32_PhysicalMemorySbieDll.dll
Source: ReefMasterSonarViewer.exe Binary or memory string: VMware
Source: sonarviewer_updater.exe, 0000000F.00000002.150115965577.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, sonarviewer_updater.exe, 0000000F.00000002.150115965577.0000000000C12000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: ReefMasterSonarViewer1.1.42.exe Binary or memory string: 01234567890.0.0.0.%dVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IROOT\CIMV2SELECT * FROM Win32_ComputerSystemSELECT * FROM Win32_BIOSManufacturerModelVersionGetting system informationManufacturer [Model [BIOS [IsWow64Processkernel32Software\Microsoft\Windows NT\CurrentVersionSYSTEM\CurrentControlSet\Control\ProductOptionsCurrentMajorVersionNumberCurrentMinorVersionNumberCurrentVersionCurrentBuildNumberReleaseIdCSDVersionProductTypeProductSuiteWinNTServerNTSmall BusinessEnterpriseBackOfficeCommunicationServerTerminal ServerSmall Business(Restricted)EmbeddedNTDataCenterPersonalBladeEmbedded(Restricted)Security ApplianceStorage ServerCompute Server Failed to create IWbemLocator object. Error code: \\Could not connect to WMI provider. Error code: Failed to initialize security. Error code: Could not set proxy blanket. Error code: WQLWMI Query failed: []. Error code:
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151021160605.000002A45EE60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: ReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: SHA-512SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connectionroot\wmiWQLPnpInstanceID"DeviceNameSELECT InstanceName, DeviceName FROM MSNdis_EnumerateAdapter WHERE DeviceName="\\DEVICE\\ OR DeviceName="\\DEVICE\\ OR InstanceName="NdisPermanentAddressInstanceNameSELECT InstanceName, NdisPermanentAddress FROM MSNdis_EthernetPermanentAddress WHERE InstanceName="Win32_NetworkAdapter.DeviceID="ReturnValueAddressEnableSELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = FALSE OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalMedium = 10DeviceIDDisableroot\StandardCimv2GUIDroot\cimv2PermanentAddressSELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "USB\\%" OR PNPDeviceID LIKE "SD\\%" OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%" OR PNPDeviceID LIKE "%BDRV\\%") AND NOT ServiceName LIKE "usbrndis%"ModelSelect SystemDrive from Win32_OperatingSystemWinmgmtSelect Model from Win32_DiskDrive"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLYASSOCIATORS OF {Win32_DiskPartition.DeviceID="SystemDriveASSOCIATORS OF {Win32_LogicalDisk.DeviceID="SerialNumberSelect Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOS"} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLYSelect Model, SerialNumber from Win32_DiskDrive WHERE DeviceID="NameSMBIOSBIOSVersionVMwareParallelsXenVersionVirtualBoxManufacturerSelect ProcessorId, Name, Manufacturer from Win32_ProcessorProcessorIdSelect Product, Manufacturer from Win32_BaseBoardProductSbieDll.dllSelect Capacity from Win32_PhysicalMemoryCapacity
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EE2823 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00EE2823
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD155A5AF0 GetLastError,IsDebuggerPresent,OutputDebugStringW,14_2_00007FFD155A5AF0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E5A100 GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle,5_2_00E5A100
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E4DF80 LoadLibraryW,GetProcAddress,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,LoadImageW,FreeLibrary,5_2_00E4DF80
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EF825A mov eax, dword ptr fs:[00000030h] 5_2_00EF825A
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EED4DF mov eax, dword ptr fs:[00000030h] 5_2_00EED4DF
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00EF825A mov eax, dword ptr fs:[00000030h] 9_2_00EF825A
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00EED4DF mov eax, dword ptr fs:[00000030h] 9_2_00EED4DF
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00EDBAAD mov esi, dword ptr fs:[00000030h] 9_2_00EDBAAD
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EDBB19 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,5_2_00EDBB19
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00DE08E0 SetUnhandledExceptionFilter,5_2_00DE08E0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E34869 SetUnhandledExceptionFilter,NtdllDefWindowProc_W,KiUserCallbackDispatcher,5_2_00E34869
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EDE310 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00EDE310
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EE2823 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00EE2823
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00DE08E0 SetUnhandledExceptionFilter,9_2_00DE08E0
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00EDE310 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00EDE310
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 9_2_00EE2823 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00EE2823
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD15579C70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FFD15579C70
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD1557A44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FFD1557A44C
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD155D2984 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FFD155D2984
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Process created: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe "C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" /i "C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReefMaster Sonar Viewer" APPDIR="C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer" SECONDSEQUENCE="1" CLIENTPROCESSID="3408" CHAINERUIPROCESSID="3408Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_FOUND_PREREQS=".NET Framework 4.5" AI_DETECTED_DOTNET_VERSION="4.8" AI_SETUPEXEPATH="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1714054620 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" TARGETDIR="C:\" AI_INSTALL="1"
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Process created: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe "C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe" /justcheck
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Process created: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe "c:\users\user\desktop\reefmastersonarviewer1.1.42.exe" /i "c:\users\user\appdata\roaming\reefmaster software\reefmaster sonar viewer 1.1.42.0\install\reefmastersonarviewer1.1.42.msi" ai_euimsi=1 shortcutdir="c:\programdata\microsoft\windows\start menu\programs\reefmaster sonar viewer" appdir="c:\program files (x86)\reefmaster software\reefmaster sonar viewer" secondsequence="1" clientprocessid="3408" chaineruiprocessid="3408chainer" action="install" executeaction="install" clientuilevel="0" addlocal="mainfeature" allusers="1" primaryfolder="appdir" rootdrive="c:\" ai_found_prereqs=".net framework 4.5" ai_detected_dotnet_version="4.8" ai_setupexepath="c:\users\user\desktop\reefmastersonarviewer1.1.42.exe" setupexedir="c:\users\user\desktop\" exe_cmd_line="/exenoupdates /forcecleanup /wintime 1714054620 " ai_setupexepath_original="c:\users\user\desktop\reefmastersonarviewer1.1.42.exe" targetdir="c:\" ai_install="1"
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD155314E4 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateDirectoryW,GetLastError,SetFileAttributesW,CreateFileW,GetLastError,CloseHandle,FreeSid,LocalFree,LocalFree,14_2_00007FFD155314E4
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00E74E80 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,FindCloseChangeNotification,5_2_00E74E80
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EDDE86 cpuid 5_2_00EDDE86
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,14_2_00007FFD155F1F5C
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: GetLocaleInfoW,14_2_00007FFD155F265C
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,14_2_00007FFD155F27B4
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: GetLocaleInfoW,14_2_00007FFD155E6770
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: EnumSystemLocalesW,14_2_00007FFD155E61A0
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: EnumSystemLocalesW,14_2_00007FFD155F2378
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,14_2_00007FFD155F2410
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: EnumSystemLocalesW,14_2_00007FFD155F22A8
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,14_2_00007FFD155F2990
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: GetLocaleInfoW,14_2_00007FFD155F2864
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_close_down.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_close_hot.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_close_normal.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_close_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_min_down.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_min_hot.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_min_normal.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\sys_min_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_top_left.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_top_left_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_top_mid.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_top_mid_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_caption.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_caption_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_top_right.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_top_right_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_left.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_left_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_right.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_right_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_bottom_left.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_bottom_left_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_bottom_mid.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_bottom_mid_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_bottom_right.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\frame_bottom_right_inactive.bmp VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\background VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\exitbackground VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D11.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Controls.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.Models.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.Core.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Metro.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMaster.ViewModels.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\GongSolutions.Wpf.DragDrop.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.DXGI.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\ProgramData\DIBsection\4c0b9aec54b82b64e042e8.84979931 VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\ProgramData\win-net\9c0b4aec54b82b64e042e8.84979931 VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EA2250 CreateNamedPipeW,CreateFileW,5_2_00EA2250
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EDEF75 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_00EDEF75
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Code function: 5_2_00EF00D9 GetTimeZoneInformation,5_2_00EF00D9
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD155AB850 GetVersionExW,14_2_00007FFD155AB850
Source: C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD1558F828 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,closesocket,closesocket,closesocket,closesocket,14_2_00007FFD1558F828
Source: C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe Code function: 14_2_00007FFD155878F0 htons,htons,htons,bind,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,14_2_00007FFD155878F0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 421 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 12 Native API | 11 Windows Service | 11 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 11 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Service Execution | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 148 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 551 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 32 Masquerading | Cached Domain Credentials | 23 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 23 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Behavior Graph (ID: 1431860; Sample: ReefMasterSonarViewer1.1.42.exe; Startdate: 25/04/2024; Architecture: WINDOWS; Score: 36)

  • DNS/IP: wyday.com
  • Signatures: Snort IDS alert for network traffic; Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines); 3 other signatures
  • Process msiexec.exe (started): dropped C:\...\ReefMasterSonarViewer.exe (PE32), C:\Windows\Installer\MSI27FB.tmp (PE32), C:\Windows\Installer\MSI24CD.tmp (PE32) and 29 other files (none is malicious); started msiexec.exe and msiexec.exe
  • Process ReefMasterSonarViewer1.1.42.exe (started): dropped C:\Users\...\ReefMasterSonarViewer1.1.42.aiui (PE32), C:\Users\user\AppData\Local\...\shiD7E2.tmp (PE32+), C:\Users\user\AppData\Local\...\MSIDF1F.tmp (PE32) and 14 other files (none is malicious); signature: Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors); started ReefMasterSonarViewer1.1.42.exe
  • Process ReefMasterSonarViewer1.1.42.exe (child, started): dropped C:\Users\user\AppData\Local\...\shi20F1.tmp (PE32+) and C:\...\ReefMasterSonarViewer1.1.42.exe (PE32)
  • Process ReefMasterSonarViewer.exe (started): DNS/IP wyday.com 45.33.71.201, 443, 50383 LINODE-APLinodeLLCUS United States; DNS/IP 127.0.0.1 unknown unknown; signature: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); started sonarviewer_updater.exe

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| ReefMasterSonarViewer1.1.42.exe | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Controls.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Metro.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WpfEditors.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WpfRibbon.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DotSpatial.Positioning.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\FileDb.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\GongSolutions.Wpf.DragDrop.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.D3DCompiler.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.DXGI.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D11.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.Direct3D9.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\SharpDX.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\TurboActivate64.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\x64\D3DCompiler_43.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\x86\D3DCompiler_43.dll | 3% | ReversingLabs | | |
| C:\ProgramData\Caphyon\Advanced Installer\{53A352F5-DB53-4EE6-976A-81BBB0A97267}\ReefMasterSonarViewer1.1.42.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\ExternalUICleaner.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\aicustact.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3408\lzmaextractor.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI527C.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI5319.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSID8BD.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSID94B.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDD63.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDDA2.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDDD2.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDE02.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDE70.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDEC0.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDEE0.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSIDF1F.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\shi20F1.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\shiD7E2.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.aiui | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI2371.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI23EF.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI243E.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI247E.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI24CD.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI27FB.tmp | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| wyday.com | 45.33.71.201 | true | false | | unknown |
              low
              https://www.advancedinstaller.comReefMasterSonarViewer1.1.42.exe, MSIDDD2.tmp.5.dr, MSID8BD.tmp.5.dr, MSIDF1F.tmp.5.dr, MSI5319.tmp.5.drfalse
                high
                http://www.quovadis.bm0ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082328381.000000000097B000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000002.150087103964.000000000099C000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149763968615.000000000099E000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082716103.000000000097B000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150082845986.000000000099A000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053603692.0000000000978000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.150053420732.0000000000954000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000005.00000003.149971177637.0000000000954000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer1.1.42.exe, 00000009.00000002.150011223373.0000000001260000.00000004.00000020.00020000.00000000.sdmp, ReefMasterSonarViewer.exe, 0000000E.00000002.151016938725.000002A45E7E1000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://secure.comodo.com/CPS0LReefMasterSonarViewer1.1.42.exe, TurboActivate.dll.6.drfalse
                  high
                  http://foo/bar/resources/images/controlbaricons/stopn25.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A44656D000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://defaultcontainer/ReefMasterSonarViewer;component/sonarviewer/channelselectcontrol.xamlReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446498000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/bar/resources/images/controlbaricons/showmapd50.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446498000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/bar/resources/images/mouse.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446616000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/bar/controls/quickaccesstoolbar.bamlReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://defaultcontainer/Resources/Images/MouseModeIcons/DropPinN50.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/bar/resources/images/mousemodeicons/droppind50.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://html4/loose.dtdReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmp, TurboActivate.dll.6.drfalse
                  • Avira URL Cloud: safe
                  low
                  http://defaultcontainer/Resources/Images/MouseModeIcons/GrabN50.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/controls/recentfilelistcontrol.xamlReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/Resources/Images/QuickAccessToolbar/Open_D_QA20px.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446644000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  https://wyday.com/limelm/api/rest/httpsSignatureReefMasterSonarViewer.exe, 0000000E.00000002.151033527663.00007FFD155FE000.00000002.00000001.01000000.0000000E.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://ocsp.sectigo.com0ReefMasterSonarViewer1.1.42.exefalse
                  • Avira URL Cloud: safe
                  unknown
                  http://defaultcontainer/Resources/Images/ControlBarIcons/PlayN25.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A44656D000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://foo/Resources/Images/ControlBarIcons/ShowSonarD50.pngReefMasterSonarViewer.exe, 0000000E.00000002.151009984417.000002A446498000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  45.33.71.201 | wyday.com | United States | 63949 | LINODE-APLinodeLLCUS | false
                  IP
                  127.0.0.1
                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1431860
                  Start date and time:2024-04-25 22:04:15 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 12m 49s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                  Run name:Suspected VM Detection
                  Number of analysed new started processes analysed:19
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:ReefMasterSonarViewer1.1.42.exe
                  Detection:SUS
                  Classification:sus36.evad.winEXE@11/149@1/2
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 72%
                  • Number of executed functions: 128
                  • Number of non-executed functions: 187
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, VSSVC.exe, WmiPrvSE.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 20.60.80.196
                  • Excluded domains from analysis (whitelisted): reefmastersoftware.blob.core.windows.net, spclient.wg.spotify.com, blob.sjc21prdstr07a.store.core.windows.net, ctldl.windowsupdate.com
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • VT rate limit hit for: ReefMasterSonarViewer1.1.42.exe
                  Time | Type | Description
                  22:06:44 | API Interceptor | 3x Sleep call for process: ReefMasterSonarViewer1.1.42.exe modified
                  22:06:57 | API Interceptor | 1x Sleep call for process: ReefMasterSonarViewer.exe modified
                  No context
                  No context
                  No context
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:modified
                  Size (bytes):18881
                  Entropy (8bit):5.8150208467725895
                  Encrypted:false
                  SSDEEP:192:LepK/+n/NnjKG4zZvUTeg+YfAJgYfAYl7Ux6b8PDepr1:LeM/+n/NnjH4AfgfUEb8PO
                  MD5:41C286B7A08424DFAD817E72D5E0E64F
                  SHA1:0B5CC3EB8CD095FD314C74975BEDED2A513E99A8
                  SHA-256:9648231DE2EC26284351550EEEB87FA8FDB65AAA5502795466E53EF1EA6CDC98
                  SHA-512:829CCE1BD5293FF600D87D658874734688B3D9FF303D63C93EC127B8C219B0F7EAFFDD963AB56DD09ACDDB0FE500F0C9D2CDE61126304DCE3789008B5B6AE309
                  Malicious:false
                  Reputation:low
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1491752
                  Entropy (8bit):6.191968846501088
                  Encrypted:false
                  SSDEEP:24576:UHBkDa3rjiE2vedZIco+Qsi2zWm/Evhzr5N5xSdD/6P6Quek2zyk2rdAE1EqABY8:UH8jNKu+Y2zWGEvhzr5N5xmD/6P6YcrM
                  MD5:790E8E38F4C12F1461BAA25370E6D97B
                  SHA1:339B435E044C41523259A8ECE969154AC9F52196
                  SHA-256:B7C4F4C9462759F8095897FED2AA97395B30AE43A5FB65780D9F0AD7ADD3D0A0
                  SHA-512:4986ED8A8BA40C6A4C932FF22A254A05B6A59B5BB3F9DEEBF7FF32654ED44266A79D5CCE8CD9162302AB9C2C163E09DB9187DE52A589EEE819EA31BBF3161053
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:low
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):269608
                  Entropy (8bit):6.2510004376399
                  Encrypted:false
                  SSDEEP:3072:FK0VBIkXfkPKCVBj1x9rr1DbztJMM215AtWLlX4LPkfLPKOvGFnGUBNKW2O5lqm:oITMPKCVBj1zrxBJMM2vCINgDt2O5t
                  MD5:786CD838C624B35501120D4988A97EC8
                  SHA1:D1CF2EBCFA477B5DA1528183249378C118112088
                  SHA-256:39D0DC8E7D755F74674AD79D1EE2AB500DA0C3DEF288D3FA5A05D6580B1E3C24
                  SHA-512:F99F47E742E769A9050D0B990AB97424E9F440C01B059FD95D0DC2779526356FD4B108D234AD02080F344BC62B5D66A2F5CA9D85DA7EC63765CFE4695A4FD002
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:low
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):683304
                  Entropy (8bit):6.230343236715496
                  Encrypted:false
                  SSDEEP:6144:EYnpHm7cLtkeSR64fwi5iu3Li9Z9JZJZxMdK5fQVTpNGuxlvcH29w+Q0WRfcxzXW:oKtQV2KlvW29w0WRfc5Xxl32ab/5y
                  MD5:3B81EFE43D501E3FAD7D7134173D13B8
                  SHA1:35613E339DE4D758DF8711EDA2CE39E810535E28
                  SHA-256:66F0AADACB36C25FD2EC5E4909959150C9AD6CB9D6081D6F8A9A4388AAE41047
                  SHA-512:535198CB4C75233F695B1C94C3610F5595C405CF646179D9F5DB5E8395B954D8C0CCC11B8CA962A1B7F06355C7476E478E38DD9E74CA31377BCA605486265C2B
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1373992
                  Entropy (8bit):6.321435748782813
                  Encrypted:false
                  SSDEEP:24576:L7jx6J8PE5VtqqOIcaGYhdCPoGd1iPtP1cBVq6wNjY++qJYvzeZ3o8tRC1yN3s+8:L7jx6J8PE5VtqqOIcaGYhdCPoI1iPtP4
                  MD5:642AAE5D216F7C935686FE8FF44A1997
                  SHA1:61FA0698963AB598937640D0998A452D2B1A9A83
                  SHA-256:8A29D4C3E0A23D868E0AA65773E487D26B16FC21CA6BFC47173D66B950EBC5CF
                  SHA-512:C502B1B047034764B8A721D93E96357DFAA6FA004A9D3E9BDE6D9C19D8A5A0F62E2C17FFF9347074641DDD6ECAC9A49580E36EF1A4B168740F644C9E9DCB3FFE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):376832
                  Entropy (8bit):5.89635256000845
                  Encrypted:false
                  SSDEEP:6144:y/TksSI2s8VHb0sHGmANfuUc5LLTWiTpLcvlbgDUbtIVVDLmzjTSMRij4JTrK6qg:ybksIXVHgsHGmANAG65VG
                  MD5:DDB05554266CD6312E548393C6BEEFD1
                  SHA1:061E9467D4374D0C43EB9074CAE77D2F9F34B920
                  SHA-256:A36B6183566559B6AFA6C078D35FAD0D8BDC972D6964A819C1A0187093EE29DC
                  SHA-512:E751C47DBE1FC29C87B766067C76EB468935228F8D9CD96DE254D3144073DD568249DDEE4113544BC8D34E0A890A8053C47EFCF999FB7389F1100F632281139A
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1512959
                  Entropy (8bit):4.517524880491571
                  Encrypted:false
                  SSDEEP:6144:SqpN5vYqFjf0kkf2XjteCmu0K3LOSuDaJwVMwVniqAvooGUtsHI8Yml+E60pNrCw:JFpdvMC2
                  MD5:DA3A0A3CAD3A31212E2FE57466BC4FF7
                  SHA1:559150F52F4EBCCC3B375BDEBCCD79B489EC2A73
                  SHA-256:CB9470581E118E3F5F66CB651C96AE7BDED52A009FF18DACB8ABC48EF72B1B7C
                  SHA-512:9FFCD92BC2465B9184C3E7FB9396557D0FDE7D605FB39BA65F99A1FF6AE0859C055527097A8F97FA511933483B000E9B3664E04F3FCB1FE4D057CEDCD478EA12
                  Malicious:false
                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>DotSpatial.Positioning</name>.. </assembly>.. <members>.. <member name="T:DotSpatial.Positioning.Angle">.. <summary>.. Represents an angular measurement around a circle... </summary>.. <seealso cref="T:DotSpatial.Positioning.Azimuth">Azimuth Class</seealso>.. .. <seealso cref="T:DotSpatial.Positioning.Elevation">Elevation Class</seealso>.. .. <seealso cref="T:DotSpatial.Positioning.Latitude">Latitude Class</seealso>.. .. <seealso cref="T:DotSpatial.Positioning.Longitude">Longitude Class</seealso>.. .. <example>.. These examples create new instances of Angle objects... <code lang="VB" description="Create an angle of 90.">.. Dim MyAngle As New Angle(90).. </code>.. <code lang="CS" description="Create an angle of
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):70144
                  Entropy (8bit):5.660746805382602
                  Encrypted:false
                  SSDEEP:1536:Vcb7/5NfSKHyfnakxUjnNQF7YmFs1PcNhk2t6wQrKMj:VcFCnakyniF7iUP6wQ
                  MD5:26616FF821509A5595E8FB57D9DDD79B
                  SHA1:F8A72AEE88768A1EA58989C73D7D92ED59A29C3D
                  SHA-256:6CE867C81F68FBB2165C129780F7C00942123289E18B6847E101639242DDB3BA
                  SHA-512:B5CB79EE4FC62E7FA277D69081365A774D7B5392FF7A7932972A4FADF704D98B724283F762DEF463786D24BC32546A6B7FB645F61B55E4D21478143FF43E89D9
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):58880
                  Entropy (8bit):5.968759221851545
                  Encrypted:false
                  SSDEEP:1536:vHCMFYpT+5nJ+VYqZZi8sXMoIddhikqg5W1E:/fS4J+6Gi9coIdd+g5iE
                  MD5:AF8B35F8810080920CD827E44CE44192
                  SHA1:D6026DB422B3D7394FFAE3A1FCC6CD224CB8990B
                  SHA-256:01ECB5B51C6F0822D23C3B67AFCB0DEA40A3BFC0BDEBA15323CC4FFF1B91B3F7
                  SHA-512:C1D333E9765BC390A34380B14844245A30F9D65D09FCE03FD171FAD7F4DDFF1818C3C4FE8774A58F7A6902B25CE324630C136A221D7CBF46EE8E3BEE17A9D93F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):28672
                  Entropy (8bit):5.809240126593757
                  Encrypted:false
                  SSDEEP:768:vqRpHcX2dZd6Ll79vt0zx8TwLHbw+8KNOY:vqRp8Cw79FUeTY73BOY
                  MD5:B02E92942BD57AAE95593E24715C2D58
                  SHA1:0A57535EF129011CB3482D6757A6B95F4C96BE01
                  SHA-256:9327899A62188A9DC0274ACB0F6145CAF3665045ED84FBEFF40DBB56D47ED79B
                  SHA-512:EE9FF2DC6C1E161166BDC8E33E00F24E500E9B7006B95274385CAE58E8466E3A75B65526A90C902CA00E34E4BEB8EA12C4767DF260AF2E2C0F5841FBE3B7AC56
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):81920
                  Entropy (8bit):5.963210283093997
                  Encrypted:false
                  SSDEEP:1536:oWy/XvLzaT8lXegQPulYdasDG/7SmKQdUL/QdwUA8hUTvIPvUoprsLqFfOm:mPllXegQPIYdaZuEdw0hpDprZWm
                  MD5:5F393AFB7B0B114FB43914D73F5C9B98
                  SHA1:10269E6AE3C345240709B1C3D664714727AB66FF
                  SHA-256:B49EE2869D3D1DA6C057A27C28ACA41A95665DF9EA6ADBA7CCB32E773360328D
                  SHA-512:F2A55C784E00994EE1ADDE80A6BA509954774701FEC5DD602A1B4F11C6F12DEC66287843F6BF3D187A856377E6B5AD4AD38B033D8CC152A14D19B70FC7A90A43
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):51712
                  Entropy (8bit):5.891514397381623
                  Encrypted:false
                  SSDEEP:768:w3zBDDcZEN2ctoi1zMzMi/SyqEaX1SFrCHiZwYGVtm15G0HPieM/:w3z1DoctlzMzV/9617YGVtm15GYieM/
                  MD5:7BFB9585EB43E2715723ED0DC1D8D3E8
                  SHA1:C7523D13AA03B06A2C0DC968B275A4D2B3477958
                  SHA-256:3083148F4082BAA1ADA21F63984ED6946BDC3183F97F340EF35C6216E8A83F7D
                  SHA-512:792769CDAD285CE7635DD4BF047239F912264FFFFC7F45300BC1ED61394E9042EDEAD4BB97F4DAABFA80D00AB1676616C3289CD1C4C7DE3A629406C886F14AEE
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):32256
                  Entropy (8bit):5.625501686931411
                  Encrypted:false
                  SSDEEP:768:bPye34VQXnG9XhNHAk+ZbwVvVuWpflUXvnZjIw:Le9XhN7Q8djpfsZMw
                  MD5:46348275C7776F75D5FA4C6865352161
                  SHA1:8B2C493029E23B7287C5BD2E6A8B4EE87D99A282
                  SHA-256:0D3673F835F0D093D96C09FE52A0230B48905D8B7762C21ED1CD6AD153463AE6
                  SHA-512:3A52CBD2D71D1CD33D71A3236BE05C2F9D6EF8A7F068D14333DDB9426E7EE2B06B482B218D2CCBBE22228997255B9B972A5F510861C4EC8236F8248BF21CEEC4
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:MS Windows HtmlHelp Data
                  Category:dropped
                  Size (bytes):9513158
                  Entropy (8bit):7.9991519618014895
                  Encrypted:true
                  SSDEEP:196608:iwAt9cEB/aFFmTYuYHdcKG360rjpywcpP/mTNLZJTYpt:ift9cEB/ahRcgkMcNL/6
                  MD5:0FB803073E83EE1E2F4FB59C2DC30707
                  SHA1:04963E667929F71B4010F8795B4A515E722BBBEE
                  SHA-256:FEB42EF7A1F71343001C29CFD1F4E42B6483F9458BA364CF9338D3A11C695180
                  SHA-512:DC149E74DA7D91745949D435DE8F3A43D4CCCBFE51F209459C426630B5EE30CBBC38592D4222F6B4DFA19A24759659A42A00E050C081283067D72A036ACB4A20
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1775328
                  Entropy (8bit):6.309119227616771
                  Encrypted:false
                  SSDEEP:12288:w9PNBQPivJSfmCA0g2ObJ2E6hjeH6pfdBfiR:w9L+s2wJ2JeQfiR
                  MD5:F9102FCEA8DC399EB9AE26DDA815D0C9
                  SHA1:0405090141B2BDF8F01B3780054A0C3D529B0EF6
                  SHA-256:90A7FEEEB4D164D0C3648E3639113DEB0EF644C0A87D3AB0B5B48B2CF333F717
                  SHA-512:831950EEEB40D77CE52567C41239A68EEE0AD913FDD26D0B57B2CE276D0F43106C141085A3929413CE0B00D2EA9DE4F4F134218DABD7F7D5CD88C0015D8BB808
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1515
                  Entropy (8bit):4.714184803590379
                  Encrypted:false
                  SSDEEP:24:2dqIK07E4VK9NK6E4Ev+X+rSHQGnvr2gQEHva2govo2gEkvJk/BqVnvi:crr7HV8N7HqprSHQGnTTQEHSTowTpaB5
                  MD5:E1A8B97CF80C42719AFA0B771227FF61
                  SHA1:A3CAC173037D2DA6E5CA2237386EFBEAFD5385BF
                  SHA-256:A0859669A16866FDB4288865E7C77A539237AF2350D2358F9ED2231EE6DA3DD8
                  SHA-512:71D16B7EDDD2845E0D94D0AA4DAD9ECC1A29CEBD6882166C3A4B1FF612999F473BBB00BC6D5E8BCDC3B3FD7592C8A86D2AC577F6869E21CED3925F9C3162000A
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.. <section name="ReefMasterSonarViewer.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false"/>.. </sectionGroup>.. </configSections>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. </startup>.. <userSettings>.. <ReefMasterSonarViewer.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="GPSDisplaySetting" serializeAs="String">.. <value>DegreesMinutesDecimal</value>..
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):44032
                  Entropy (8bit):5.842333337062087
                  Encrypted:false
                  SSDEEP:768:cxn1tRAybL2bdv+C2fgvcGEDlHr8qut48CaHYObQ:cxuwAdvB2hnHAqut47AYObQ
                  MD5:BEF1144D3D3ED8A38D981001B451A7E9
                  SHA1:3FCDF9354A17224F9324224317906DA22C0331B8
                  SHA-256:5251506B2B0B00616EEF9157AE20E794CD5A75AF6F28EF30654D52FBED928ECC
                  SHA-512:7F09E78CD49A0543E9E29E8E5FED5DF945B6C48265057311C008F84308CEC33AEFF282272A31B7E83770E12C744912A00D4BB3CA2FF3616B7A10EA0CD3B47F22
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines (937), with CRLF line terminators
                  Category:dropped
                  Size (bytes):359319
                  Entropy (8bit):5.044978049578481
                  Encrypted:false
                  SSDEEP:1536:amjtB/tqbZQtaabh8OsbtDuzPiLHwPb8TSIhkkC0OMcm6GmKymGChGmaCmGNG0KO:dwrG0to5ixMmKQ
                  MD5:316D955F10C1316395E68561E01F3936
                  SHA1:4EE8B934EF521DB25DEAE1D575A64D5659BF9E99
                  SHA-256:9F028D563FB7B0726C6F576064F1B4AF8ABF4C346A46DF7F1015B72DFBA02443
                  SHA-512:5C9577A830E086783B4B2CE8A0AA49A9C216843D194D49EEE81C25935366613DCD0D2FC1A1BAF49B7A60FE2904E0DB7C762812669620B90330CBD4D6A0D701A4
                  Malicious:false
                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>SharpDX.D3DCompiler</name>.. </assembly>.. <members>.. <member name="T:SharpDX.D3DCompiler.AssemblyDoc">.. <summary>.. The <see cref="A:SharpDX.D3DCompiler"/> assembly is a managed Direct3D Compiler API... </summary>.. <msdn-id>dd607340</msdn-id>.. <unmanaged>D3DCompiler</unmanaged>... <unmanaged-short>D3DCompiler</unmanaged-short>... </member>.. <member name="T:SharpDX.D3DCompiler.CompilationResult">.. <summary>.. Shader compilation results... </summary>.. </member>.. <member name="M:SharpDX.D3DCompiler.CompilationResult.#ctor(SharpDX.D3DCompiler.ShaderBytecode,SharpDX.Result,System.String)">.. <summary>.. Initializes a new instance of the <see cref="T:SharpDX.D3DCompiler.CompilationResult"/> class... </summary>.. <param name="bytecode">The byte
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):90624
                  Entropy (8bit):5.857661172435519
                  Encrypted:false
                  SSDEEP:1536:agd4bApvBSy7K3Ddoepd28wvTShSCivO5Ib6VU3x8NFars:agd3pSyOTaQwb+9grs
                  MD5:489C6A50650B3DDAE2716FC0F459DC48
                  SHA1:201AD8B0CA45EB6C9A49117A661EE1CC741678DB
                  SHA-256:EF17E509B930D11E4D4E8E52FC96ACDCB0F4907CE7978F4D25DF8D20CF997910
                  SHA-512:9D30234882E2BE7D2660792BBC1AB79659F95E0C36020020944A0F7C3A63BEF29EC68E559F455A823E7ACD44977197AB6B80C6E463FD13480E4273732072F353
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines (2348), with CRLF line terminators
                  Category:dropped
                  Size (bytes):422244
                  Entropy (8bit):5.0830988086469375
                  Encrypted:false
                  SSDEEP:6144:xwwWU2AtIe1mQV8e44uAedmPOKusPw3V+Ix2y5CqDz:gU2AtIe1mQV8e44uAedmPOxsCx2yCqf
                  MD5:1B9835DA54B02D5B5BC2DCBDC7678A16
                  SHA1:E8C26D68244F9ACB02BC01C93E5490626FE8D305
                  SHA-256:8A96E36AA7CCABB0B49F8500FC4594C103B230D0BCE2B0F405296013535913AC
                  SHA-512:5815C356D297126FB4B42E8400A30D6CAACBD423DD7033910828CA2756631AF0EB73D46E129DD65118A412A5D26275932F0F193C7EF2821927043E5DD45FCDEF
                  Malicious:false
                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>SharpDX.DXGI</name>.. </assembly>.. <members>.. <member name="T:SharpDX.DXGI.Adapter">.. <summary>... <p>The <strong><see cref="T:SharpDX.DXGI.Adapter"/></strong> interface represents a display sub-system (including one or more GPU's, DACs and video memory).</p>... </summary>... <remarks>... <p>A display sub-system is often referred to as a video card, however, on some machines the display sub-system is part of the mother board.</p><p>To enumerate the display sub-systems, use <strong><see cref="M:SharpDX.DXGI.Factory.GetAdapter(System.Int32)"/></strong>. To get an interface to the adapter for a particular device, use <strong><see cref="M:SharpDX.DXGI.Device.GetAdapter(SharpDX.DXGI.Adapter@)"/></strong>. To create a software adapter, use <strong><see cref="M:SharpDX.DXGI.Factory.CreateSoftwareAdapter(System.Reflection.Module)"/></strong>.</p><p><strong>Windows
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):171520
                  Entropy (8bit):6.080876699005455
                  Encrypted:false
                  SSDEEP:3072:L8++xU/uepssyT77ng4HKEAYFMFg3TpwsQETyZIHkNMl:iU/fUjg4HZ3T3TwO
                  MD5:EA4259146E6794F890615277D7A60D79
                  SHA1:F739771E47BD51DA17CDA5204B30D60CFE0A2425
                  SHA-256:F40BBD90F97449FC1EA00B2C699FAE03EF29C7EE210D8812EA061181B5ADE36F
                  SHA-512:8059E55EC6312BC85F9E694CAFAE8164A290132960F0FE41209BF91B7E7B087C4CC6E29F60BBACDD019EEC5BB0FDCCB62C33BC825390E59D148295F4C4D6B0DF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines (2197), with CRLF line terminators
                  Category:dropped
                  Size (bytes):2062797
                  Entropy (8bit):5.163115409104646
                  Encrypted:false
                  SSDEEP:49152:EPZTacJwViVn8qRzYzwulb8xXu2IqbHZmak0ann8Qlz0PcO6iZTa1vYhUBSvsKVb:nYhUBSvs2
                  MD5:FA05D5A2F72F23E9232F3B869C05788F
                  SHA1:796D3AC3F7191124E35FB45C79EB693EFE343EAB
                  SHA-256:E1BADA72E6470F92514CF4B2E67BF4D233FD6F798C4CF0FE1C5CB35D4D0E4AEA
                  SHA-512:452BA73E690A940D196182943E847BB7FE1ECF75033C55F5E48AE9F8DB770E97429F687E67C57FA4FEFC7B8EBDEC01C240321475AB662391AB9A2A98AE584FE3
                  Malicious:false
                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>SharpDX.Direct3D11</name>.. </assembly>.. <members>.. <member name="T:SharpDX.Direct3D11.AssemblyDoc">.. <summary>.. The <see cref="A:SharpDX.Direct3D11"/> assembly provides managed Direct3D11 API... </summary>.. <msdn-id>ff476080</msdn-id>.. <unmanaged>Direct3D11</unmanaged>... <unmanaged-short>Direct3D11</unmanaged-short>... </member>.. <member name="T:SharpDX.Direct3D11.BlendState">.. <summary>... <p>The blend-state interface holds a description for blending state that you can bind to the output-merger stage.</p>... </summary>... <remarks>... <p>Blending applies a simple function to combine output values from a pixel shader with data in a render target. You have control over how the pixels are blended by using a predefined set of blending operations and preblending operations.</
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):349696
                  Entropy (8bit):5.79919937619434
                  Encrypted:false
                  SSDEEP:6144:kjStjICiONYWrfsy/YY8enNpFYyE5dZwP32cEiqm5rNJLQUB+VJ2XUNyfKkMIGiE:kjStjICiONYWrfsy/YY8enNpFYyE5dZ2
                  MD5:95C4B15083DFE72D6AFACCB85FFF7CB9
                  SHA1:CF3D77ECB1C7A07C5C6C2702C321751331473B11
                  SHA-256:4E573255D6A919F14CFB01B7A66B85AF18C9C06500B1B670103E2886CE0CB46E
                  SHA-512:7406FA45AC6EAAF7B470B55702FB208364D2FABE1A9F10D5B704D1F8546A10E9FC621E0C16076DA9AE915621260E1F3D75B930FCB21F5738EC4021C3D05D6AC6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines (1207), with CRLF line terminators
                  Category:dropped
                  Size (bytes):3570277
                  Entropy (8bit):5.056113650942314
                  Encrypted:false
                  SSDEEP:49152:hj3S6zjod/VCypSMQvB3S6z/IIGk3S6ze8Wzw5WBjknYaiqrYPUvElE0xcgODOwB:68Wzw5ajknYajrYPUvElE0EO2uxcZ
                  MD5:E2371BFD3B1867D9033250A8F078933E
                  SHA1:774C6366099F74A5F4010F06938011B81EC7726E
                  SHA-256:E3CFDF39006E6DEDE0398E12D17C9F4929B5FD4304B17C6500C57F60C447B298
                  SHA-512:7B9C896A8FA3C087AEE0F7873152E7B4056E94D98DB8084AD15D49973BD677FA446AD65D6016111D3D60F97CA021DF268FD5AF0C2D0F41E4EFC715527E06CC21
                  Malicious:false
                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>SharpDX.Direct3D9</name>.. </assembly>.. <members>.. <member name="T:SharpDX.Direct3D9.AdapterCollection">.. <summary>.. A collection of <see cref="T:SharpDX.Direct3D9.AdapterInformation"/>... </summary>.. </member>.. <member name="T:SharpDX.Direct3D9.AdapterDetails">.. <summary>... <p>Contains information identifying the adapter.</p>... </summary>... <remarks>... <p>The following pseudocode example illustrates the version format encoded in the DriverVersion, DriverVersionLowPart, and DriverVersionHighPart members.</p><pre> Product = HIWORD(DriverVersion.HighPart)... Version = LOWORD(DriverVersion.HighPart)... SubVersion = HIWORD(DriverVersion.LowPart)... Build = LOWORD(DriverVersion.LowPart)... </pre><p>See the Platform SDK for more information about the HIWORD macro, t
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):558080
                  Entropy (8bit):5.971410377672503
                  Encrypted:false
                  SSDEEP:6144:7/5QOXulOHu5qMEpd0Po80FY8hwMrq7ckkRQiyqFKW0mhukFuS:bdebqMEpdu0AMm7YH0mv
                  MD5:C8A932A73720C18F1A2D2B9352D8BF55
                  SHA1:0EE7CB62ACA3254454DA0AEE324DF4918930D136
                  SHA-256:05F4BE903D726CC9BDE252DCC167E8FE90C71C35E8F208C380FD7F9FDC4A133E
                  SHA-512:0B329BB8ABE87295676FAC3FF213C41694D2C869ABD138324036B0ACD418351131A6E2A04424A38854A55CF4416BCF9530571DDE2FD3EC0A09022711B84D60B7
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):2916874
                  Entropy (8bit):4.970562416806311
                  Encrypted:false
                  SSDEEP:49152:9Sjga5YnPy06WhHiScqCwEy8v7+k2QmMkZX:f6WhHt
                  MD5:74E45F5A72F4FF0BE67289B9A0264B34
                  SHA1:53D0DC00D4ABAF7912D26F5EA817C3261E7BE00A
                  SHA-256:D7B5956B1A712B0A830F97767AE714DF12E4D2614803F3C0C288381092E1CDDE
                  SHA-512:92685D2E92D5F79E5C9AC7434F353FCF7CF6F407C6D0F6E7DF8617D75B664872F38FAE176C9CA17699B0AEBF98466355DA13975FDD2F426D2D0F67B9D7E9CDE1
                  Malicious:false
                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>SharpDX</name>.. </assembly>.. <members>.. <member name="T:SharpDX.AngleSingle">.. <summary>.. Represents a unit independent angle using a single-precision floating-point.. internal representation... </summary>.. </member>.. <member name="T:SharpDX.Serialization.IDataSerializable">.. <summary>.. Implement this interface to serialize datas with <see cref="T:SharpDX.Serialization.BinarySerializer"/>... </summary>.. </member>.. <member name="M:SharpDX.Serialization.IDataSerializable.Serialize(SharpDX.Serialization.BinarySerializer)">.. <summary>.. Reads or writes datas from/to the given binary serializer... </summary>.. <param name="serializer">The binary serializer.</param>.. </member>.. <member name="F:SharpDX.AngleSingle.Degree">.. <summary>..
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):4053
                  Entropy (8bit):7.949172291049592
                  Encrypted:false
                  SSDEEP:96:5gt0SR1dcy0v1LARRyXkZIQWCjcX4h6ck1a:et0SJq1L5UZIQaG6DQ
                  MD5:CD90E1CCCB0BC38CC620E60748B845B4
                  SHA1:E80B1D3A065FEFDE3FC3F2E47D3EE28EE241A02C
                  SHA-256:F9331F2F36E8040BAD907AB52B44E7880CA2BBBF862E7E361B5C9B7988412413
                  SHA-512:1C7EDEC2E07B5F0293A5EF6804CD0D57AD0471A1A036A7EC4494E6CA4743F4432E49D939114264460BBFFC174A3C70775F76417828F9CED6B434241A06039006
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1232352
                  Entropy (8bit):6.843239277991077
                  Encrypted:false
                  SSDEEP:24576:b25cPXsBi86c65mawkyvdejKFM7GrPUOq64ILwpIO2b4E6QAXeIH2:KMLc6gPM164IPxb56Zeo2
                  MD5:D5BB70427F40BA5D094FF7A74E751C8A
                  SHA1:3594220B68A4BF0600B83AA61CD3CFE2542336A0
                  SHA-256:8D616B780E04F2608A95B9099940720EBE1AB27D9AD21C45E071DCB7D1130C24
                  SHA-512:10C284838563F03048FE652E6A6CA1E602BD69FF47FAA5670BF4D4348DA1638A1ABF0476B51FD12F79BADF4F13FD1E68B0EAEE485F666C244FC4E342893A56A3
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......D..c.b.0.b.0.b.0...1.b.0...1.b.0...1.b.0...1.b.0...1Gb.0...0.b.0...1.b.0...1.b.0...1#b.0...1.b.0...1.b.0.b.0.b.0...1.b.0...1.b.0..G0.b.0.b/0.b.0...1.b.0Rich.b.0........PE..L...$}.^...........!.....<..........W........P......................................X.....@..........................L..8...8R....... .......................0..h...`...8...................P...........@............P...............................text....:.......<.................. ..`.rdata..|....P.......@..............@..@.data........p.......X..............@....rsrc........ ......................@..@.reloc..h....0......................@..B................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):305632
                  Entropy (8bit):6.7115878779291664
                  Encrypted:false
                  SSDEEP:6144:Inxu8P2hxiod6KNeB8FO2NU5PJbeIu+dD3V8QiufNBuCqd:y23iod6KNeB8FOzJTu+dfVVBjqd
                  MD5:7C704320B8BCDEFE64EB30DF614DB62A
                  SHA1:3A25DDD988312AE5C1692A79A2385FA202081E1E
                  SHA-256:3E36A6EEC84C32BDC7CEEABADB99CBFE62E5A43655020DB2A9641F9ACF6D8677
                  SHA-512:A1C00DEFAD48A815FA04B911CD51C855763BCA98EAEEF4154E8A603FB679702F94C8BFD2215A8ED6C94D531A7694525A6EDFE3CE350E387CD691AA5AFDFD868D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................P.....P.....P.......................2..........N....&.........Rich...........PE..L....}.^................."...v...............@....@.......................................@..........................................P.. J.......................(..4...p...................`...........@............@...............................text...R .......".................. ..`.rdata.......@.......&..............@..@.data...4'... ......................@....rsrc... J...P...L..................@..@.reloc...(.......*...b..............@..B................................................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1502688
                  Entropy (8bit):6.516641132165205
                  Encrypted:false
                  SSDEEP:24576:1v4oBBXSYOVEELxdOQNh5t28MUD6dWoQ4wYYsrJpUhYYTNdz372Azao12xQgx:1vTtIVEE9sQNh5E8MUoQCYsCYYRdzrfe
                  MD5:06396B667C505F0A8EDD8864FCCDD2B2
                  SHA1:ABBAE4AA9EAC5DE5657E5FFE4FE07813BA0B1307
                  SHA-256:ED2C16171A48C8BBBA0A541393CAAFF217FE908EE76F763743CBBF674C0DE66E
                  SHA-512:5095E1F281732FA1EEB1A5536A6BD27AFF9A614FD8B05530FDAEBAEB1C764FE2DC84D92D2D6094A177176A983BC1261555735CEE866110328BDD4E8EA20403E4
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$......."..Zf...f...f...r...q...r...h...r.......r...d.....!....[@.e.......w.......l.......g.....E...........r...q...f...........g.....~.....g....x.g...f...g.....g...Richf...................PE..d....|.^.........." .........>......,........................................P.......g....`.........................................0...8...h4...............0..$................1......p.......................(...P...0............................................text............................... ..`.rdata...n.......p..................@..@.data........P.......6..............@....pdata..$....0......................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc...1.......2..................@..B........................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):11776
                  Entropy (8bit):4.4897674815588315
                  Encrypted:false
                  SSDEEP:192:UpuXEMN2NTqAU1w4zdNGeyUpJzrsjRyZVc1kp39d+enZ/Ys4Jxy2:XXEc8OvyUftc1kl9UenZgsG
                  MD5:0AF01657B954ED4DABD21E6BEB80F0F4
                  SHA1:D3E2B5CEAA058001714653C26535A535C435BD26
                  SHA-256:448F3460DC4886ED62A48039A634B8721192847E0CA6CDA82339EC4A2F0B4599
                  SHA-512:701DD9DFB2DBF5DCCA4BD6E0E00160F51A164A8D88D1AFF8736D49225313C860BF0910D2154FD77A321C43FD69B5BACFAAA3F79BAD834A249D50300EE7AEB109
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...YI8b.........." .....&..........ZD... ...`....@.. ....................................@..................................D..O....`............................................................................... ............... ..H............text...`$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............,..............@..B................<D......H.......P ...............#.. ..........................................BSJB............v4.0.30319......l.......#~..........#Strings.... .......#US.(.......#GUID...8...`...#Blob......................3......................................................}.......................-.....`.....H.#.................................!.....).....1.....9.....A.........................#.....+.4...3.....;.K...C.Y.........*.........{...............................C......<Module>.mscorlib.d
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):11264
                  Entropy (8bit):4.485366582661373
                  Encrypted:false
                  SSDEEP:192:H/mXdyTNQNTRXccX5fhrZ3GksosRAF9UoncALzt//UCnumXyL64Jxy2:uXdyZiNX5x7EosAtemXY6G
                  MD5:4DFBD1B34B3CD801C60F95596F0C516F
                  SHA1:1AF2FBF19D15E1288303DE2FC19F6C1D83F01360
                  SHA-256:30BB214855416FE4D7CE13AE82AD8FB798EB6C9148AFDC71F6372005BAA8EAEB
                  SHA-512:87607C9D17C7D87F0DA1B85F0B3CA31D10692B99DE0E8AD5E5E986FE32D06EF72882DCF1FFA8BD6674C0964A7215333C426EC7AB4F6CF8F336FE24B44CA3DAF6
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ZI8b.........." .....$...........B... ...`....@.. ....................................@..................................B..O....`............................................................................... ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............*..............@..B.................B......H.......P ...............#..............................................BSJB............v4.0.30319......l.......#~..........#Strings.... .......#US.(.......#GUID...8...`...#Blob......................3......................................................z.......................*.....].....E.#.................................!.....).....1.....9.....A.........................#.....+.4...3.....;.K...C.Y.........*.........C...............................c......<Module>.mscorlib.A
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):11264
                  Entropy (8bit):4.458714034601192
                  Encrypted:false
                  SSDEEP:192:PH7RITTN2NTPWR9zGOVboBOBRCqulkeO7BpqFVcZw4Jxy2:9ITZ874oBtWYFjG
                  MD5:8F0D30A2A732CEE16ED24794A7343AFF
                  SHA1:5A437D197EBC03B580E604CC845D7EE4B1324E7D
                  SHA-256:28864F0001F74485C108B5CEC4D34561C00FA1954A853F041A63050D2A2C38F6
                  SHA-512:F3CE0E31721E277313A23B74D80A14B6983812DDD7A03B61369F82F480B173750D94B808BB278A4D2D58086C67ECF5FAF6BD4C04246BF45A3B90F69B98B7655E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ZI8b.........." .....$...........C... ...`....@.. ....................................@..................................B..O....`............................................................................... ............... ..H............text... #... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............*..............@..B.................B......H.......P ...............#..............................................BSJB............v4.0.30319......l.......#~..........#Strings.... .......#US.(.......#GUID...8...`...#Blob......................3......................................................z.......................*.....].....E.#.................................!.....).....1.....9.....A.........................#.....+.4...3.....;.K...C.Y.........*.........{...............................C......<Module>.mscorlib.A
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1274080
                  Entropy (8bit):5.9166088380336195
                  Encrypted:false
                  SSDEEP:24576:ktoDvtIVcPTBRfZZVqwDPVWsphvYh/KMHUmZFPz:AMvtsiTBRbFDPVWuvYh/KMHUmZF7
                  MD5:B797EC561F9F0576F7E55415B67CA62D
                  SHA1:C4496E865B68D00AD82B5CD91FF45F607884A5F4
                  SHA-256:9BEAAAFEF006B45AFA9B459F5D36DCA078F7875086F1DA694249BEA603BB5DA1
                  SHA-512:068AB3FF89763247B97A92BE334438B8F2F2571C56BA5373EDD7811C6B859CC52A3E3D2423D081ED84CD26CBBEB798404FC71C2FA8E3CAA0AFBFC52C1D7B566D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=...y..y..y..m..w..m.....+..j..+..a..+..%..m..b..m..x..m..X..y...../...../...x../..x..Richy..................PE..L...,..`.........."..................r............@..................................H....@..................................X..,........4...........N..."......,.......p...............................@...............t....S.......................text...?........................... ..`.rdata..............................@..@.data....(...........j..............@....rsrc....4.......6...~..............@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):517
                  Entropy (8bit):5.264759141819476
                  Encrypted:false
                  SSDEEP:12:1Cbz8FD8ZUmbZsWipbbH+vqvF3LXWi8FD8ZUFaw98YnpZCWn:1GYaHdsWip/eC9eaUN98KzCW
                  MD5:B1E8BC46FDD39C73E7FC2E1ACEF94905
                  SHA1:AF34853E6F20D154169429C0E4582F8E09B65148
                  SHA-256:E54EE1985A6659D2F6C017FD85A9AE89DC54D378B4D5FD24306D0439EE9B82B3
                  SHA-512:7887675BB9D86D4F86F59A2AA6872E84CABA1F362FB822D182A05BE9180BF5409D953580375EA189282E9068E87935DC22388B94AF403946EAE55E7F9FCB5CBB
                  Malicious:false
                  Preview:[General]..AppDir=C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\..ApplicationName=ReefMaster Sonar Viewer..CompanyName=ReefMaster Software..ApplicationVersion=1.1.42.0..DefaultCommandLine=/checknow..CheckFrequency=1..DownloadsFolder=C:\ProgramData\ReefMaster Software\ReefMaster Sonar Viewer\updates\..Flags=PerMachine|ShowConfigOptionsButton..ID={E6023432-1CC9-4DD8-9508-7AD4E2E16050}..URL=http://reefmastersoftware.blob.core.windows.net/sonarviewer-updates/ReefMaster Sonar Viewer Updater.txt..
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):2526056
                  Entropy (8bit):6.326395907728081
                  Encrypted:false
                  SSDEEP:49152:zf59zPxKcvHzDB6t3+C0/aJfyLg7Ie4Xy+5j4m2CTB:M2642o7lftd
                  MD5:ADA0C39D4EACDC81FD84163A95D62079
                  SHA1:207321F1B449985B2D06ED50B989FA6259E4EB8E
                  SHA-256:44C3A7E330B54A35A9EFA015831392593AA02E7DA1460BE429D17C3644850E8A
                  SHA-512:1AFC63DB5D2030B76ABC19094FC9FEF28CC6250BD265294647E65DB81F13749C867722924460F7A6021C739F4057F95501F0322CDEC28A2101BF94164557A1A5
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..^L..^L..^..X^N..^..m^]..^L..^..^..Z^K..^..l^w..^..]^M..^..i^>..^kz.^M..^..\^M..^..[^M..^RichL..^........................PE..d......K.........." ......$.........\.#.......................................&.......&...@...........................................%.......$.P.....&.......%......t&.h.....&..0...................................................................................text.....$.......$................. ..`.data...X.....%..V....$.............@....pdata........%......T%.............@..@.rsrc.........&......(&.............@..@.reloc..0G....&..H...,&.............@..B........................................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2106216
                  Entropy (8bit):6.4563314852745375
                  Encrypted:false
                  SSDEEP:49152:DpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Akb:H3P9HP6Zpy9KyhMI50Du8LljslNsyHiS
                  MD5:1C9B45E87528B8BB8CFA884EA0099A85
                  SHA1:98BE17E1D324790A5B206E1EA1CC4E64FBE21240
                  SHA-256:2F23182EC6F4889397AC4BF03D62536136C5BDBA825C7D2C4EF08C827F3A8A1C
                  SHA-512:B76D780810E8617B80331B4AD56E9C753652AF2E55B66795F7A7D67D6AFCEC5EF00D120D9B2C64126309076D8169239A721AE8B34784B639B3A3E2BF50D6EE34
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 3%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\.h...;...;...;..];...;...;...;.._;...;..h;0..;..i;'..;..X;...;..l;D..;?M.;...;..Y;...;..^;...;Rich...;........PE..L...92.K...........!.........d...............................................p .....O. ...@.........................@.......@...P..................... .h............................................i..@............................................text...S........................... ..`.data....~.......B..................@....rsrc................(..............@..@.reloc..D............,..............@..B................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2481176
                  Entropy (8bit):6.100333901416379
                  Encrypted:false
                  SSDEEP:49152:Av9xJSbZqueIWHIX0YQdGMuFMAMc9mqIHEMY3SvV29rUYJTDSE8mjPiHH9O:m9xJSbhWHIX0YQdGMup9mqIkllT
                  MD5:DC3681F8C976FAA5715EE4D176C3492E
                  SHA1:8452A4F02C13AF84DDE5E301CC86BFF2E2AE9FBD
                  SHA-256:F11B529F53F772B78065E26C4591218F96749F91CF948765E65EFB0EC6BB38B2
                  SHA-512:EE8D0E515E1A6CA96FB41134ED6993B33DC3C4C6B86EDCDC9BD2A28C0E9F7E2B8AB97E668E03C727749115CB5FFCAAE4BB3434D7AB31BAB3ADF60E49931619A8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u.."1..q1..q1..q%..p<..q%..p...q%..p0..qc..p"..qc..p&..qc..pS..q%..p(..q%..p2..q%..p0..q1..q...qg..p...qg..q0..q1.zq0..qg..p0..qRich1..q........PE..L......`.........."......`...T......Q........p....@...........................%.....=W&...@..................................\..(........\..........8.%.."...@$. .......p...............................@............p.......3..`....................text...o_.......`.................. ..`.rdata.......p.......d..............@..@.data...xn...p...V...b..............@....rsrc....\.......^..................@..@.reloc.. ....@$.......$.............@..B........................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:data
                  Category:modified
                  Size (bytes):587
                  Entropy (8bit):6.567736276180483
                  Encrypted:false
                  SSDEEP:12:VCVWaPF0ShYpL/ivAGZ0Z7/Q2ktEU6o8s/13c:VCVzPF0SYwvpmzdAJTJZc
                  MD5:5A19A392D98C6F52EBFD06B7E20CF1FA
                  SHA1:40CD45E6FA73D8DDF58FD0DBC13FF3E15FD5909E
                  SHA-256:7BA08D9C923517AF19B027E1C76A1BCB8652B2E68697FBAABAE59CBC65DF71D6
                  SHA-512:4D86AF136DA33D3E5D40E320E6A57854CE95D9EFFCC882D04BFB09E5D5BAADCB656A3E79F6FD9060C8C4CE3DA6C0CE6BDCEEFC1C79F1130AE53DA3F9A08C7439
                  Malicious:false
                  Preview:TAVFV1.-.........................P..#..P..#..........TS512GMTS430SG515600503'To Be Filled By O.E.M.C246 WSIASRockRack7BFEBFBFF000906EDIntel(R) Core(TM) i9-9900K CPU @ 3.60GHz.S...................................bJ.......................................................9......................;............;............._.;...G.9..E.....Y2|u3.y.5v.1..?..a..0.9..|WU.B-.....9>}..c>.<B.j....c.F.l1.......Y.?!..f.......A.*.....#q....F..U.V.a..Q....U.....g.H...V...s...R..............5..Y...p.......k.4..[|....T.n%X=.a.I....bOQ..."Y.F.&QCr...4j...v....}..F.u.+0?..d.......9.......
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Mar 21 06:46:04 2022, mtime=Thu Apr 25 19:06:43 2024, atime=Mon Mar 21 06:46:04 2022, length=1775328, window=hide
                  Category:dropped
                  Size (bytes):1458
                  Entropy (8bit):4.488824912797575
                  Encrypted:false
                  SSDEEP:24:8vw2dOEStsEQ9F1wMmA4YaJuM+d9EcMLd9EyUU/kslesl/nyfm:8vw2dOptlQ9Nd4YU+dm9LdmzcDRw
                  MD5:C534E678E3ACE9158622BC3CEC0AE82D
                  SHA1:DBE3CEAE3FB2498716B213D9A7DFD008C603AB07
                  SHA-256:D7756FA43439759C18A03B08A564F4DA1944A854EAEB95605E0FD35EAB7688E5
                  SHA-512:4128DFF83E50A2BA4EA777F3B294C2CDB96FD742461BCCAAB1684DDA2D9BC9F58E5CC5B8DB31CA5E7510148AF9709C0D472461EB2A19A00132DFE0CC9F8BBBE4
                  Malicious:false
                  Preview:L..................F.... ....Fv..<... ..L....Fv..<........................../....P.O. .:i.....+00.../C:\.....................1......X...PROGRA~2.........O.I.X..... t..............V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....p.1......X...REEFMA~1..X......X..X......4........................R.e.e.f.M.a.s.t.e.r. .S.o.f.t.w.a.r.e.....x.1......X...REEFMA~1..`......X..X......4.....................`..R.e.e.f.M.a.s.t.e.r. .S.o.n.a.r. .V.i.e.w.e.r.......2.....uT.= .REEFMA~1.EXE..d......uT.=.X......4........................R.e.e.f.M.a.s.t.e.r.S.o.n.a.r.V.i.e.w.e.r...e.x.e.......................-....................>.p.....C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe....R.e.e.f.M.a.s.t.e.r.S.o.n.a.r.V.i.e.w.e.r...e.x.e.k.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.e.e.f.M.a.s.t.e.r. .S.o.f.t.w.a.r.e.\.R.e.e.f.M.a.s.t.e.r. .S.o.n.a.r. .V.i.e.w.e.r.\.R.e.e.
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):645
                  Entropy (8bit):5.0639641097028525
                  Encrypted:false
                  SSDEEP:12:8T8ZsUvnud6LeRdIfLEynvEPbX0Jd6GSzUr5yM1lzUr5ypTSSTae:xsUYyGdYJnMPNlUr5v1pUr58h5
                  MD5:099786653DD667EF7CB0BFC1D4A313FA
                  SHA1:BE506926BF4A0C82A7C4DB2BFCFC917CAC3963F1
                  SHA-256:C76DDD9BA343ACF86D5513F70F697FCC3611DFD923D9574F566A42B0A5595186
                  SHA-512:5DCAC9CCC93C6004565EF43A50F1BFCCD63D7229F2512DA15E44ECF644F7A062DB0FDAC94FF471885F12FACA3C6A5C7DE96105FE400A4A5C686A9F83E4FFC6C6
                  Malicious:false
                  Preview:;aiu;....[Update]..Name = ReefMaster Sonar Viewer..ProductVersion = 1.1.42.0..URL = https://reefmastersoftware.blob.core.windows.net/sonarviewer-updates/ReefMasterSonarViewer1.1.42.exe..Size = 24704432..MD5 = c62866600614868da4941c5346ff120a..ServerFileName = ReefMasterSonarViewer1.1.42.exe..FilePath = [APPDIR]ReefMasterSonarViewer.exe..Version = 1.1.42.0..Description = This update fixes issues with downloading map tiles, and also includes a 64 bit build to enable loading of very large sonar log files...Enhancement = 64 bit build enables loading of very large sonar log files...BugFix = Fixed issue when downloading background map tiles...
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):162
                  Entropy (8bit):6.729394120232874
                  Encrypted:false
                  SSDEEP:3:eUkQsvrwRC5t4SjsmNWG7q3/cW/Hb/fG/KrnWzZTpr3A+Ger4Zgt3QN:eUkQMwU5ttWWWogWt9+ZgtAN
                  MD5:D39BD31745663096C15F9DD9E9B87601
                  SHA1:2EA1616967AF07C03780AD9C0AF83D302090F89F
                  SHA-256:6C0808624D6B1877E2954A250FE61AB37D737D91EA808CAF5AB1CE0F72F02F92
                  SHA-512:3E208A25F33294D1D2CE02C68EAA14DA6DF33DFFBE1CE98CAB79FDA3D5D7A09D8DE9688FF44476183CDDC9AF31EEE52AFB9CC467D190B41DBC81BECF6CA4B33E
                  Malicious:false
                  Preview:TANACV1....._D................g*...\.F..JC:.7.1)..M1z..d.5...[8.B..s.]..'.W.3.R.=`&{.E3."..9}..#..A...$........E.3.lCRmKq.N.-........y....A...\".....S..S...
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):26
                  Entropy (8bit):3.6864194113487727
                  Encrypted:false
                  SSDEEP:3:tAvnXVHjn:tgXVHjn
                  MD5:33F0D2B8DEC34BF56C3545C83958964F
                  SHA1:63DDE4D4174DFE30F1B1C2766692AFE1C4104FF2
                  SHA-256:FE02DF6064A02C4A8590E8BFB88BF55307E1313FE15CC4395CE8795FF932624A
                  SHA-512:5F46520B7030E0625F7BEA1FB1F1E8C81E7013697481FA9E5EE2D1DF188968E8B5103DD38F169EC35F3A0ABA3DF14183B637B9545A433EE2029FD1436DCF0BA7
                  Malicious:false
                  Preview:INSC.>.....Mar222021151921
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1023
                  Entropy (8bit):4.440234250892844
                  Encrypted:false
                  SSDEEP:12:TMHdGGnOCOQM/+gqRPf8iKNJuo1vzsqtvGq8khkO87eJ7emPEatvvXFfEN+pvvXn:2dPX8PjumI2Ga6MVv1fvvX
                  MD5:7EFF11F125B7C855E4D829C67BF3B488
                  SHA1:0DDA77A050E0D96C41D69EF59C6E5AF2ADDF4E07
                  SHA-256:67F17B980FD8430534E429DFF8F473D83B7EB514B8EA828009A958C2D7C28410
                  SHA-512:011959D6F9254A56B0F899B86CEF7604B2021AEF6A3046470B1479F53B78F95B0B184EE262A1E55C9C7767045BE1A353412752150D063A243B73A80BB68F7E7C
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <ReefMasterSonarViewer.Properties.Settings>.. <setting name="ImportOptions" serializeAs="Xml">.. <value>.. <sonar_log_import_options xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <HeadingSource>None</HeadingSource>.. <WaterType>Fresh</WaterType>.. <WaterTempC>20</WaterTempC>.. <TransducerForeAftCM>0</TransducerForeAftCM>.. <TransducerPortStarboardCM>0</TransducerPortStarboardCM>.. </sonar_log_import_options>.. </value>.. </setting>.. <setting name="Language" serializeAs="String">.. <value>Default</value>.. </setting>.. </ReefMasterSonarViewer.Properties.Settings>.. </userSett
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1023
                  Entropy (8bit):4.440234250892844
                  Encrypted:false
                  SSDEEP:12:TMHdGGnOCOQM/+gqRPf8iKNJuo1vzsqtvGq8khkO87eJ7emPEatvvXFfEN+pvvXn:2dPX8PjumI2Ga6MVv1fvvX
                  MD5:7EFF11F125B7C855E4D829C67BF3B488
                  SHA1:0DDA77A050E0D96C41D69EF59C6E5AF2ADDF4E07
                  SHA-256:67F17B980FD8430534E429DFF8F473D83B7EB514B8EA828009A958C2D7C28410
                  SHA-512:011959D6F9254A56B0F899B86CEF7604B2021AEF6A3046470B1479F53B78F95B0B184EE262A1E55C9C7767045BE1A353412752150D063A243B73A80BB68F7E7C
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <ReefMasterSonarViewer.Properties.Settings>.. <setting name="ImportOptions" serializeAs="Xml">.. <value>.. <sonar_log_import_options xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <HeadingSource>None</HeadingSource>.. <WaterType>Fresh</WaterType>.. <WaterTempC>20</WaterTempC>.. <TransducerForeAftCM>0</TransducerForeAftCM>.. <TransducerPortStarboardCM>0</TransducerPortStarboardCM>.. </sonar_log_import_options>.. </value>.. </setting>.. <setting name="Language" serializeAs="String">.. <value>Default</value>.. </setting>.. </ReefMasterSonarViewer.Properties.Settings>.. </userSett
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1152
                  Entropy (8bit):4.421957886385963
                  Encrypted:false
                  SSDEEP:12:TMHdGGnOCOXQEN+uKpvvvXQM/+gqRPf8iKNJuo1vzsqtvGq8khkO87eJ7emPEatR:2dqQEKpnvGX8PjumI2Ga6MVv1fvvX
                  MD5:3437CC9FECCE5EE8B4E7A1B3091A7E01
                  SHA1:8FF7EED4D4DF45E465387BFA19A8E71429FF3D96
                  SHA-256:A4EBC3921351ED4BBBFD963294999CC1DA586B9A1EBE91A9422AEA90AACF7A35
                  SHA-512:753B3AA01F7100A6BCC94316AFE33A845635B5AF1D490BE0B6509F7937FA81F2CF377BDF6FEB598DA0930113BEB235C898D290AD6DC5E8EBCF57C872401502CE
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <ReefMasterSonarViewer.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="ImportOptions" serializeAs="Xml">.. <value>.. <sonar_log_import_options xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <HeadingSource>None</HeadingSource>.. <WaterType>Fresh</WaterType>.. <WaterTempC>20</WaterTempC>.. <TransducerForeAftCM>0</TransducerForeAftCM>.. <TransducerPortStarboardCM>0</TransducerPortStarboardCM>.. </sonar_log_import_options>.. </value>.. </setting>.. <setting name="Language" serializeAs="String">..
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):175584
                  Entropy (8bit):6.584858200891003
                  Encrypted:false
                  SSDEEP:3072:6zzUwEFxz4L21x3d9ZLPf89kTVbmEzXbMd6JxAg0FuDLToogus3Dn+8X:QwHFxzxbZjfJTZ9JxAOQtTn5
                  MD5:EF56BC314192E0E30E10A75CC9DA5358
                  SHA1:2D60B8B14FB9ACBDD9ACBAF7ED3FE02408865969
                  SHA-256:75E972172E1BE169C50E1C532A85CE5BD30DBAD245755CF03071A504595254D8
                  SHA-512:F49BFB6790E70F763E22AF6A4B7448824C9003CDF2A8334887EEFC956B39CD7B8E4262E9C08682EBAE7A69DD9FEB9C2A9F09D2BD11A8FEFB035642E7425DAD7A
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                  Category:dropped
                  Size (bytes):318
                  Entropy (8bit):2.034441580055181
                  Encrypted:false
                  SSDEEP:3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nZllBe+llBe+llBe+llBe+llBe+lll:k9ij1BjjjjjTtXGuwtOZBl
                  MD5:C23CBF002D82192481B61ED7EC0890F4
                  SHA1:DD373901C73760CA36907FF04691F5504FF00ABE
                  SHA-256:4F92E804A11453382EBFF7FB0958879BAE88FE3366306911DEC9D811CD306EED
                  SHA-512:5CC5AD0AE9F8808DEA013881E1661824BE94FB89736C3CB31221E85BE1F3A408D6E5951ACCD40EE34B3BAF76D8E9DD8820D61A26345C00CDDC0A884375EE1185
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                  Category:dropped
                  Size (bytes):318
                  Entropy (8bit):2.0369361465218003
                  Encrypted:false
                  SSDEEP:3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nreBB+eKemhlRhmeemfB+ll5evZ/Xy:k9ij1KBBhK9jwmfBuiKaq5n
                  MD5:83730AC00391FB0F02F56FE2E4207A10
                  SHA1:139FED8F0216132450E66BDA0FBBDC2A5BD333AF
                  SHA-256:573E3260EED63604F24F6F10CE5294E25E22FDA9E5BFD9010134DE6E684BAB98
                  SHA-512:E3DBE1956BB743FD68319517D1D993DDA316C12BBBBBBD6F582ECDD60C4FDE24CC4814C7AB36ED571F720349931EAC10B03E9C911BA0F4309B10604B2C56C6A9
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 2 icons, -128x-128, 32 bits/pixel, 16x16, 32 bits/pixel
                  Category:dropped
                  Size (bytes):68790
                  Entropy (8bit):5.137930819326083
                  Encrypted:false
                  SSDEEP:768:PvyvOSZGNNNYlJ0cdyAFSG6pY5Gea0KPUQet9RUKz5UGdATX5A08dfV:3yvOIGXNo0c/FS+5Gea0KPUBZzzJ+X5U
                  MD5:1284E67CA07EF69F28932AF43D82C347
                  SHA1:568900441C5B158458847FFD97EC2F2361DCAE1A
                  SHA-256:A53358EB05B00DD31F7A0442B5B52A9D142824D7998B43591C7D8CE782042330
                  SHA-512:0A19AC32AB117E287A539213478C58D10252E5ACD90471AF856815016158FC823AB9F28B01D5380F9BC3C3EAEA4282261C0F306A1E10BFA0B1BADCE7715796AA
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 600x480, components 3
                  Category:dropped
                  Size (bytes):29790
                  Entropy (8bit):7.930808148389421
                  Encrypted:false
                  SSDEEP:768:0s1Q+9n9FvqjdnMqt5ClXxUzydsJPwz/PaVuWMr:Z2+9nOhhGU2dE4Dt
                  MD5:34363136D896A1DE743489E2AFF7D849
                  SHA1:2678A41EEC6D6D7F3267347F5EA2F7CA770323BB
                  SHA-256:AE4355BC29FC0B409605FAF5C69664A97A44C914E855B474B24281D17B7DCB15
                  SHA-512:2711C50013F9B763E2EB7EED136F120DBE71B45ED0669655B07393E75F4E704877E7AF473133469A012FD13D6BC50F2F715E8244395061A0067A480778759448
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                  Category:dropped
                  Size (bytes):2862
                  Entropy (8bit):3.160430651939096
                  Encrypted:false
                  SSDEEP:48:QFFZ+f+zd+kHeNTM9/+Xz++++++++YWWS0i6I:QFFEw4Xc+D++++++++ypi9
                  MD5:983358CE03817F1CA404BEFBE1E4D96A
                  SHA1:75CE6CE80606BBB052DD35351ED95435892BAF8D
                  SHA-256:7F0121322785C107BFDFE343E49F06C604C719BAFF849D07B6E099675D173961
                  SHA-512:BDEE6E81A9C15AC23684C9F654D11CC0DB683774367401AA2C240D57751534B1E5A179FE4042286402B6030467DB82EEDBF0586C427FAA9B29BD5EF74B807F3E
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 2 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel
                  Category:dropped
                  Size (bytes):13430
                  Entropy (8bit):5.905156325236297
                  Encrypted:false
                  SSDEEP:192:t22z2QAQFSD6izYCBReXWhB/zCSk/ovVE7j5m3Ut3MyPpEseVl0cDiCQ+fXT:I2z/FSeW/RsWh9Ctovig3UXmxYc+W/T
                  MD5:244DF84C545247A478BEF4A1BBC1399D
                  SHA1:C69ED79145BB40BA18A92996B0A242585AFE315E
                  SHA-256:520E5248975B3B8E6C5D574D57080F901C88FE59D4DFF6A89FAB524FB51FE606
                  SHA-512:BB2739344B369E5FCCB72B8762E30C38A2AC8EC949BDC8CB56619F526E3954ED5AE159D6BE4BAC2E0C10C4BC2F14820102A2D409AD17BB5A9BBD77E34441CF69
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 5 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                  Category:dropped
                  Size (bytes):21086
                  Entropy (8bit):6.009410626000926
                  Encrypted:false
                  SSDEEP:384:52z/FYOKTR0q/irJKH2Wh9CtovihgGIqxYc+W/azzz3gx4n3V:5AF5QH2WXCto7GzYc+pzzzQx4n3V
                  MD5:4E1EDBE834AAF76D9D1DAEC3DC08947E
                  SHA1:218AD194CB40DF778EAFAEDA68F8A44BE25B94C1
                  SHA-256:E5F4F6B5E24D6F7E2605ADD8E247DC0326F00C26725D315679C1C6FCE8A90C97
                  SHA-512:4CF41E7080DF1E8606FBACC3B2F87C9416ED43FA55A2D938A1149124253486084B679BC7992CE8494DD0E22B91CD5AAA1FDD19800F5DE4F73B64A0A2BA3FCC84
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 2 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel
                  Category:dropped
                  Size (bytes):13430
                  Entropy (8bit):4.339511276304085
                  Encrypted:false
                  SSDEEP:96:KYvlkFEXFYU2+yCvIFA13cJ/rrrrrpbEn5UnanjPRZfZy1wvI8:bVXuzd6IF0czwNPDZfI8
                  MD5:93D722FA20A988A5C257A58BF155DC66
                  SHA1:30C0D19F02CB39F8804DAFE6AF483A09C76E2338
                  SHA-256:F587867EED0BEC33EF150F3A8525BDE9B6746C705543874E56653AA80EA53225
                  SHA-512:BFB91739AE7432DD7D0A919F15B5B721E733675C3C2A4D5238C9955A6517DD4653042FA444F2D2627508908F6DA7DE0FBF22F37CF1A60476F59CBF254F62F736
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 600x480, components 3
                  Category:dropped
                  Size (bytes):27668
                  Entropy (8bit):7.929380020340665
                  Encrypted:false
                  SSDEEP:768:qrR9VSlj5m8DKdUZf94VSFeZaV+WPQqbNKc:wTVkmjE1NlV+Tq5j
                  MD5:24103F71A86C20089528C96C0DBE1445
                  SHA1:007D7A930DCAE7684477347F4F2BD58D4EE5D184
                  SHA-256:8542E195EF15DFD3ED9B246D3539295F266A19F3BDE524C3F41B99ADB6719C11
                  SHA-512:94267AA20FB17E2DB9AC31BB20B17E108F99C17F181C8F1612D9ECC9AC1375703B2EC7AF3795B7C4AB379723C4C764A137025FB21DF3E60859D0480CA546EB10
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                  Category:dropped
                  Size (bytes):22486
                  Entropy (8bit):5.589726249843378
                  Encrypted:false
                  SSDEEP:384:sfx756jQSsshS7DnTsCPfO5XnOto6tsXv62mNAyCagT07a:Q7MxUFO5XFYsCpBCa2
                  MD5:F840598DD74703C754A3ECED7DD18987
                  SHA1:8BDB706588CC61278A533DF507CBEDF8CA7E0B79
                  SHA-256:42F2ED4B7CC97751980B359980E220E5B4AF623ADF97E2F6B4AF9DC46DB2F03C
                  SHA-512:05DB775655D81502AC014114A571CC6B7B72827E5A855F4DAAE342AB53A47BC12F055F927A49F1E6D4D7C94461E308F0D9995EF507B7041031A4F6379EBE85E0
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                  Category:dropped
                  Size (bytes):92
                  Entropy (8bit):2.7378292288805217
                  Encrypted:false
                  SSDEEP:3:k6llllDlxwgM/Uhlllqpdl/ln:k6l14gM/3Xl/ln
                  MD5:4511B7766471C1B034EC81C7C2D47F60
                  SHA1:832EB1CA243F32A225F35D77783B441A1CB86DD7
                  SHA-256:D9DCE398C16D9526494DFAEED51C94F292CF5EE32BECEC06944B846E367720D1
                  SHA-512:88BD9CA8BA6FE2F93FBCDEE806D4DA9916DF3A68C34AB6CC028A432A1851FF2A6CD29AE774844AE94319B2DE4EF8656C43053A740062DCA594AEB1E1FCC6D5F1
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                  Category:dropped
                  Size (bytes):92
                  Entropy (8bit):2.7802219955097622
                  Encrypted:false
                  SSDEEP:3:k6llllDlxwgM/g1J/lln:k6l14gM/k//n
                  MD5:F74DBB66421938DA95DA32C18A02ECFD
                  SHA1:735BF4C2D76A88785EB41ADFB446FDBEAA8258ED
                  SHA-256:C94AE660295F25E45F5D494DBD178386352A0223C09C054B37E274C7B3F336BE
                  SHA-512:09648BA636EEBFA15112B0D6A3C11CC6E58EE337A6B3F81799529BC2F91DFA57D9A865298543F813E7B133D3A6A130C66DCD362B7888D55B454C7B10ADEDE418
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.294988181882709
                  Encrypted:false
                  SSDEEP:3:84lul0lblxwfNbyct:84luKglW0
                  MD5:93AFE3823760212DF91F696EF836AB6A
                  SHA1:7F9A026177695F2D59AAD11C1D62879512B2376F
                  SHA-256:D0AFD83A429AA453979E75268732711D366CAE6ACADB6321DA4176D97F2E4106
                  SHA-512:B7AE648BC9F9E8CBDFABC99A5CAC5F1849A677C442252401AB45D0FB54F9762042FEC062C2F78090BD9CAC9B8E58FDF49C6DBC0E017D366C792C2AC9D6BB460B
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.324399946588591
                  Encrypted:false
                  SSDEEP:3:84lul0lblxwTx6:84luKgk
                  MD5:56D51D2F58CC2C7837B0552F5227A75E
                  SHA1:BCB46802A538A972079D2C3867E6620BD1D5E04D
                  SHA-256:7FA85DF1E72938D8ED64B9ADA99179A568821CFD117B4CEA15FAB02B6F735933
                  SHA-512:C5BCBDA7EC1EE75C7B10069DC7C06389B8993F97D166C367F8A82AD1FF7B89026E49EF1BDACB25C12C52729B3B804E164742ABB01FCB60218B7A1F52FA1E3F79
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                  Category:dropped
                  Size (bytes):92
                  Entropy (8bit):2.7378292288805217
                  Encrypted:false
                  SSDEEP:3:k6llllDlxwgM/BFzqktn:k6l14gM/Skt
                  MD5:0528EDEEAEA9F05AC3264732164A039F
                  SHA1:3A475AB7C6DFF833BBE4E53AA2A7F33AF551CF8D
                  SHA-256:89D3F3990A5A6ECF5D804F8CDE7BE5E8A0BE436091D9CBA05B7F9D6D2F715D4A
                  SHA-512:2EEA306C11D2806C1E8EDFE022813E6FE0A9AFF649D2333118862E4A42DBE462B450373333FB5954A4159D446031227FEC134040C59020D87D52B2186FED4B68
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                  Category:dropped
                  Size (bytes):92
                  Entropy (8bit):2.7802219955097622
                  Encrypted:false
                  SSDEEP:3:k6llllDlxwgM/pIBt3WaX/n:k6l14gM/KLGaX/
                  MD5:9D68FB8464E6AD97E33BA249615B80B7
                  SHA1:73C4741EF560C1DB301EAC246AFA61F1083EF482
                  SHA-256:722F6C8E8ADE0B7D5CAE0D690ED2B8605919E9FEFBCE740AFEC10477835D8E2C
                  SHA-512:C90BE1339A5DF17ACF63D204BEFB2E53F2B1BB520183EEEF7009A58025F9538B8F509C4A2BF40B314212E631332C790196D069074D1425A51DCDE9AC20485F92
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 22 x 24, image size 90, resolution 3778 x 3778 px/m, cbSize 144, bits offset 54
                  Category:dropped
                  Size (bytes):144
                  Entropy (8bit):4.322702779220089
                  Encrypted:false
                  SSDEEP:3:3l7lsl9/lOlER78PCBmlBmlEJ+LUhTUiisuJkhF+J5/CwJe/n:3lhslfOl4wahlHUyiCoF+J5/zJe/n
                  MD5:434B0136DBFCC38E2D04870C72C8FA0B
                  SHA1:8C6D288A1BB815A6B9B3F32C6503C0715BE95570
                  SHA-256:96CEE71E09B11BF1C6D6364935C93DB4C06BDD88C0A4FD3A901E28F6C7AB8D0E
                  SHA-512:6945F94FDA7ADA439A33F11964B03E74A3F3E7354D6A7F4B73936518674621E72562988F14A7C20DF58FCE97373BA9F64222D4E27716233A02B0B2FEA2580E8A
                  Malicious:false
                  Preview:BM........6...(...................Z...........................................................y..s..n..i..d...^...Z...V...R...
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 22 x 24, image size 90, resolution 3778 x 3778 px/m, cbSize 144, bits offset 54
                  Category:dropped
                  Size (bytes):144
                  Entropy (8bit):4.170104387198996
                  Encrypted:false
                  SSDEEP:3:3l7lsl9/lVffCKZMNO9polLu0bbMpTCc4R89flV76lFB:3lhslfZ+Smlq0bopTCwt23B
                  MD5:CBAEDDFCD5B7AF39C8BE2188C405EA2E
                  SHA1:91E773D44E45300DA6EC2AF2A2EFD4F7A32159EA
                  SHA-256:1050B443BADD2256E2D5305BB2F43CDD8E0402BAEF90D3CE834B9ACADD7BF083
                  SHA-512:D5907B4217CF37E5EB80CDD49617C3DAD56A26DBB66B34B61E4D4E25427D7CF10406086CA5C4686FECF6A8BE9A610EFC4B000BF4EBE3851D4C1F0A4AB16BD99F
                  Malicious:false
                  Preview:BM........6...(...................Z............................................................................................
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.294988181882709
                  Encrypted:false
                  SSDEEP:3:86llflFlblxwpdl/ln:86lttgXl/ln
                  MD5:D6B74E7BE05D08EAA9DF982B49007DCF
                  SHA1:F555C17634844F2B7E8D8D5FA22698AD85A77931
                  SHA-256:76E9CB6C92825CC7CDA0443CDE120F7DFFB11A685F409CB0E94BC6FC68AF23A5
                  SHA-512:6E36F9F18080B333F8C1D4BBFDAFFC499A4542346E8DF427FD7C6834036DD7E47C5702EBFFD9AB6DB8BE2665340C0653E4683B3358F020F4FF55338FE432BC7F
                  Malicious:false
                  Preview:BMD.......6...(........................................~$..........
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.324399946588591
                  Encrypted:false
                  SSDEEP:3:86llflFlblxwk/lln:86lttgk//n
                  MD5:3D4F10D43AA8FA1F2DB16089371E1DC1
                  SHA1:BB3FB80E0F0A36C29CCA139EA6CCC3F92717CC03
                  SHA-256:BD5B38D6A6EC71A6710B4426813A2B11A7B2D08AEA128F766C8FB09994CB37D9
                  SHA-512:72F49D128B2C36F282A7B1FF7884F642A658F7875B2F75FA835DBEDC2842D0F07186E52E20E6362A45F67EC5450BA8EDF3B9E8C076767B981F8F79D5E9941636
                  Malicious:false
                  Preview:BMD.......6...(........................................~$...........
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.294988181882709
                  Encrypted:false
                  SSDEEP:3:86llflFlblxEn:86lttU
                  MD5:EAEF86FD9B9CCB6E5FE49E1624F29821
                  SHA1:CEB47F5365CE0041B982F63904D7D7948DCE4399
                  SHA-256:187F09838607C359F1460AD4E6785AED34FCA497BA9FC8582519BD70B0DBD08E
                  SHA-512:42E68B55D99A2877253C3A1FBF3511C7AAB8E4DC1441E2D902C12B3C3397C0A2489E72D1F4F8EA897E556FF0766806667F781255635E8171F047A77A81D0E8BC
                  Malicious:false
                  Preview:BMD.......6...(............................................~$.....
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.324399946588591
                  Encrypted:false
                  SSDEEP:3:86llflFlblx8aX/n:86lttMaX/
                  MD5:726C01077BEF6565D296438488FE48C7
                  SHA1:2FC6780AC49F0AAC8FA1719C8ED9287DBDD2D9CC
                  SHA-256:E9A6BF358370344062F3533A539DA4710E173802E68CD63D7D396E29E78441BB
                  SHA-512:4BBF7258EB6F7EADC645933F6229473790F02BB048E0A327F77EE9486EE86C67E1D17AB2E9ABF3BB44B4C9069FC094548AF085BE4824431030B6616F97B4E923
                  Malicious:false
                  Preview:BMD.......6...(.............................................~$.....
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
                  Category:dropped
                  Size (bytes):556
                  Entropy (8bit):5.845299489672474
                  Encrypted:false
                  SSDEEP:12:alUI5X+ySaqK1T2oJAMdz/myZd21SgoBP0/7nP4clzYg9f3sQeRBXt/:a2IktaqKYoJBZdMDiM7PdSg9f3svnXt/
                  MD5:A399BA2A5C4C61B0F57A8F2704CDFBCB
                  SHA1:5A7F1851EFF423C63CCF58FDA5424EB9B13F1D5C
                  SHA-256:64EA9FBD1F4E5197E7D3883764DB84A4F9C35984E40C1D7560865D94A68C27E0
                  SHA-512:F328AFA9CF01A68F489060A52299550B08771E2FD2D30631FD666CFFDDF2E58C31DC48D17901954722AD053C9702D9A600E0342A07DA6F330C00D71550597FE4
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
                  Category:dropped
                  Size (bytes):556
                  Entropy (8bit):5.565570861400036
                  Encrypted:false
                  SSDEEP:12:alUCbxbxbxb3Bk+ZRRiMy1RodJN4b9LvoTYCyrkcMMiNSdOfa5zRBVL3t/:a2snRRiDcdo1voTYCjcMMCSdOy5DF3t/
                  MD5:CAD04C217E0AA67350CD883FAE197D4D
                  SHA1:6F7C2BFBEFAD515E60E406F9BB75517A8F0055FD
                  SHA-256:130CDBFFE56BA97C1FDE07551745D912D9B47FE6C977E3FB2B0F8A0FF37196B5
                  SHA-512:15A8835B9EB0257EE68EF493CC1CB4D01B56C3851260F33D23E8A9B6BE7162B780915B45A45FBA78EFF88376CADB74BAD842EE84AF4A724DED87F45DF2FE7F9F
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.324399946588591
                  Encrypted:false
                  SSDEEP:3:84lul0lblxun:84luKen
                  MD5:26613245ACACB480E29EAC4B4CA7AE61
                  SHA1:8166FF0C2D12EE7511C701248CE3519829DE8DF1
                  SHA-256:7C0A37FB0AC7296AA01BA3F5550A91A94EECC1CF0096426B036ABAB057DDCD21
                  SHA-512:2DA77D423D421CA53CA3072D400E309263B902DA3B8B47E148120EC3F3D1AEEC938E0160F3D77B37A028368DD3B3879AE7AFCB456EF4E01FF76F300B56977173
                  Malicious:false
                  Preview:BMD.......6...(.........................................Q.....~$...
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                  Category:dropped
                  Size (bytes):68
                  Entropy (8bit):2.324399946588591
                  Encrypted:false
                  SSDEEP:3:84lul0lblxWgXvtln:84luKGgPn
                  MD5:808012F486450EE29F6F43FD552C5B82
                  SHA1:DD354E0A832A6C70745653DE59ABA8C4D3A55BB7
                  SHA-256:C0AFAFEF01798632D67C1C6791C3D3D9048093311ECC79CEAE39AF791CACC1CB
                  SHA-512:FAD2FDB22B92272509CC66BBDCE28FF0D9B4EAF4233375C23FC074AA52891714ACD05DAA35A238A426B412F6D2A989BCC3961B1D067E6147D301038C35702550
                  Malicious:false
                  Preview:BMD.......6...(..............................................~$...
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
                  Category:dropped
                  Size (bytes):556
                  Entropy (8bit):5.8757827039674195
                  Encrypted:false
                  SSDEEP:12:alU7qYrckU1yXpnHvfUgi25V3x+Czm3Cju3G9FcC5V7cVwiS8rLYd:a2pckUM5nHvMz2L3xmy9FceqVwiBcd
                  MD5:35BC465D59F290CBAF477899D4150CF4
                  SHA1:81B9FDB423EDF645FE982541D621520F88861F2A
                  SHA-256:86F646E0ACA7F43E5D79FE1C794613B42E3352765AA08DA1CB30923084FA1829
                  SHA-512:B45BF122633A40DE3F63D031C2D8BE320BFF49243409463952F12D18D326DBBC1B95770AA83D1799B991B01CC88D2D781CE94999CCC7D23D6DF7CD196E37FB2C
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
                  Category:dropped
                  Size (bytes):556
                  Entropy (8bit):5.584465443149789
                  Encrypted:false
                  SSDEEP:12:alU7BBBaAk2em50/OIKeUKKQBF+C8fX7b57bgd:a2Ym502IK7DQB/kX7b57bo
                  MD5:8141BD1072F77C42511386A23C8F27D8
                  SHA1:B3A10161C50D874D882FDAF2B57A6030C3495DA8
                  SHA-256:1DB097596C80FE2C410F51951FC7AACD7DB843F2BBDA04F726140C45CC49A01B
                  SHA-512:9680A2DF0F4F59450AF5F48B31E4EF4E6E0493437C2128BC4CE3737CDBE1ABC0C4F608D55C74B4F905CED22F6AB72F03BC343F79FDA61A2926972FAB41A5F093
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                  Category:dropped
                  Size (bytes):22486
                  Entropy (8bit):5.511908704029649
                  Encrypted:false
                  SSDEEP:192:0DT6aNn0CgAevbxezcSptuGH0BJ1cBYehJjbQypQ6X8rdb:/aNn0DAoN4c8HH031/QQ6XWZ
                  MD5:FD535E63F539EACB3F11D03B52B39A80
                  SHA1:A7F8C942E5672F2972C82210A38CC8861435F643
                  SHA-256:0086BC01150989F553A0A4AE0E14926C6E247CEDDA312E1F946AE35D575742AB
                  SHA-512:716EAB95B5535D54359D12C9786F5A53F9560126D2C48EB1A94DB5BD383363B43EA686AC421080564B54450DA35AF9CE3E11CECD485AAF27C0CEAEE7836F4518
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 5 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                  Category:dropped
                  Size (bytes):17630
                  Entropy (8bit):5.501776622442267
                  Encrypted:false
                  SSDEEP:384:24aEatlaz2HHHHHTHHHHHHBV310W5iehFhvY71eU748YuN6FfEoJJz5R31kpH8:2/D5HHHHHTHHHHHHBrk1
                  MD5:488C247C4D7482E34D4576C44CEE79E0
                  SHA1:92444B9622079CD8EB4C1D0C0E10E3E2DD8B4AD4
                  SHA-256:EB276449EB326A407CE055001607F212FFCAEF01B5F849BB50A606BD9CD177A6
                  SHA-512:E978672B01A2C5CD5C83DCBDC77CC80A60CA4A99283C30C7624E9DE49168BDD6686A5E6FDD913ED0A0E008D6D0D999129B3F25947A84DF7654ACD6C39906B6CA
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                  Category:dropped
                  Size (bytes):15086
                  Entropy (8bit):5.2402145994884695
                  Encrypted:false
                  SSDEEP:384:SCUNtR8LMbgM5U/YHeCtovi5yg8xYuYMp:S5RiMbHN+CtoJgkYuP
                  MD5:BFBE8F838AFC6156CF2362E81F713A52
                  SHA1:73A87A86C6F039E7B9D2EED0BDF7E6B1D78029BE
                  SHA-256:251099323513EA86DD5BC2C0BF8503AA364DB7B40B214C288FCC1A76A97B6D88
                  SHA-512:CFFAAD785AF37E35D8825058F93939EBB3CCE18D5C7BDF2ACF0543D530BCD34A443ED6B9352D1F0DF90F41DFE118B03B8F92D63143521C87138D92F2F1D6F1EB
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 16x16, 8 bits/pixel
                  Category:dropped
                  Size (bytes):15974
                  Entropy (8bit):4.7511636081508275
                  Encrypted:false
                  SSDEEP:192:HxykgDLdeZFiNHcAz8CxykkvyHikEaJOtzg2rG6KUSL9k:HxykggFiNHcAzDykk74sZhr7
                  MD5:6734C0C659A96E52EB8FF8B149657C83
                  SHA1:84156606860EA5E6A2CEBDB0D7172BC296347EDE
                  SHA-256:21E97B115EAF2F8F7D31E89CAF9B3A21CEE4E3BD87F1FF26641894DA68DAFD37
                  SHA-512:655F6608FA87A2B7EEAE0C21B5236F375685B1C8BBA0655AB00AC480C75991D9194A945177DDB3CB2DFC8CC4C4B2E0B6F28994979EABAD6D807CC72A6921C8C8
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):13280
                  Entropy (8bit):6.268712852121326
                  Encrypted:false
                  SSDEEP:192:ZEgJsco2cF+N2a97qFnM/CK2a362BZHlUuzLS:zscFcoNr9ee/Pr36Mh16
                  MD5:A4E5923B8B31F31F8FEB22EC8B877848
                  SHA1:4E6C458DD6873EC2A8587FBD3C60648D97CF19D3
                  SHA-256:B20DC81D1A77936D3253CD68C188C12C3991199CCF862D05B657AB702A758910
                  SHA-512:8C883A50EFC04D6E84A977A4F1E04CEB72373DC1C2B89EFF48A7D3E7C79F6F9949AAC24CB7E80FA441939C2554E220D1FA2AF191516481F3D9ECBCBE1BA5C070
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 600x100, components 3
                  Category:dropped
                  Size (bytes):3137
                  Entropy (8bit):7.576846140355196
                  Encrypted:false
                  SSDEEP:48:KiB2DfsrzLoiTUDzZs9v0nCIjwabZixk/eQA+i1FLk2wW+Yf79n0wYJMtqUIp:P+chYDzZsGnCE7/ri3NZh7JtnIp
                  MD5:BB54271B1F356D565828D45F6EE2F75E
                  SHA1:ECD46C5EFB5ADC5356B161EB6A90D0C6CF886E51
                  SHA-256:E257434CDFFB8C6231AFF131E260CF0E193E1E5CC123EA9CCDBE75E390771CA4
                  SHA-512:3EBD1CFEB325F44BF88743EDA3FECC65837883A613C208CF4BA1611AAC528854728DAB941D76843A018883326460D14693355E3C0716F86F0E3AE1CFEBDCA17C
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel
                  Category:dropped
                  Size (bytes):14574
                  Entropy (8bit):5.314402751771045
                  Encrypted:false
                  SSDEEP:192:H9R53Ya0k3f6VfxJWSDL/jh7JRSdWpOWR9b0p6Bekh7SZVzzz+zwhYbhUY:dRSaJP6VJTDZlRSoxD0p6IkalAztUY
                  MD5:1791161295A8385E85B82A8C60B47A5C
                  SHA1:8A715DA629DB0151D537E0E909E3C1141FCA6A23
                  SHA-256:AFEF25522F3973F2BE6059B021C6AC62359A2FDEE782471EAC130394BD4F5B28
                  SHA-512:B04D580240CBDE64B8F57ACA1BA7C0777988C8BDF6FCAAAEEB5142E3DAF9CF2E64A8DC2E4EE3A1BA69621330360B2548B1E46BD546D36187DF7803FA50052860
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel
                  Category:dropped
                  Size (bytes):14574
                  Entropy (8bit):5.09532307002792
                  Encrypted:false
                  SSDEEP:384:UgcygUq/Wxc3o88YuN6FfEoJJz5R31kpgb:q71Wx7Hm
                  MD5:CB5BF779DC306B354301F0D6B0EC2397
                  SHA1:8021741081DB5E2C3070C6BE87943687D1A33A9A
                  SHA-256:85389374087AD3AD75268F24A41005CC6EF8CB187ABADAF9E4CAD36560D0928C
                  SHA-512:42A1622C1E95685B9273E74B69102A4F03119DC421DAA218D1DC4C25BFAE2FB360120536BCF64797E88759266884A06A7052F6A00834C88858C93465CA29ECF7
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 32 bits/pixel
                  Category:dropped
                  Size (bytes):6518
                  Entropy (8bit):5.116636834496781
                  Encrypted:false
                  SSDEEP:192:BwNqZ+HxIbqiMhQ8iRG8ERC136363636K:BqqZGRiRPCC0
                  MD5:BDC280616F9670F41C57C16BF08E8387
                  SHA1:48F574183BB500CD1808BAC20A25CFC82C05E482
                  SHA-256:6E5C2E9E923569F943E9F8A86EE5023034B3DB1F6434118A0D95F429F90FFBE7
                  SHA-512:EC3E5C0E6306773A3700889C2B19D6DD8EFF54F73C1BF3C7CF239807FA1B512DDE7E30D486FCD78130090125A21E2401EB0E8B7667C992863CF7FD52B11CA2C7
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 5 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                  Category:dropped
                  Size (bytes):21598
                  Entropy (8bit):3.72201218194023
                  Encrypted:false
                  SSDEEP:192:1zCObveDreVlref52+II4jq3ckJTgPfipj0gLlRqiNgF5IGD0pMb/Z:1z1veDreVX+wjqqq/LlVN1GIpW/Z
                  MD5:299AA97601873786E924B17223257D14
                  SHA1:E2F7DBBD7B59D69F4499029E40D3C6F559B5F632
                  SHA-256:DBA117A25F8AFE1A3AACA4AE830D7A6BA982FDA3D543FD438515AB788643E4AE
                  SHA-512:15AF787E74D4AF5896B73979C81DE93B3DB97B407322A929061583EA9F77609D0DB61C54CF69A2A522F4D635A0931A804FE1EC036FEF5544E3101C520AAEEC1C
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                  Category:dropped
                  Size (bytes):19942
                  Entropy (8bit):6.307028314098947
                  Encrypted:false
                  SSDEEP:384:jLGJlpUiY4vIiR59ypEf4Bloa81URvkKTtSYX9tYuYMRzOcyRM4VG9j2RW4XljaG:jglp6DSwEQBlosmKLPYuzzOnRVGZUW4p
                  MD5:2ED3D45BC22B79DB09136513AED402DD
                  SHA1:8B2324CBFF902B85E349D61E46D9F88170B6BEDE
                  SHA-256:4A8FA6335720D3E4F464AF244364923E741605B8AD3E1E28411F494E95EC11E4
                  SHA-512:3AE91AE1FF3F460D5677C1AE636C0A0E5525AD2B88DE635FC57D48B5FE78747D3B7DD7683597DA9AC344F1E8884B10124C8DC3DE54E1581921AAC8734F3947F3
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 600x29, components 3
                  Category:dropped
                  Size (bytes):5157
                  Entropy (8bit):7.786674290717775
                  Encrypted:false
                  SSDEEP:96:ZnujVIlxyq8FWFvNVX4eNRN9j82wyQpRC1ar94ityT:QOYRFaI0u2xQKi4z
                  MD5:1639D56B7A8E192820879BF49F5ED9EE
                  SHA1:0217734FF0829FECAAB23E41CBB4C5C6A8A79A15
                  SHA-256:14564C11E82CC8836F98DA64E1A973F0E7FDC894137E3FA49C4816FD6E273455
                  SHA-512:309FD89AD475AD71E6545E8709AA58365737ADDEEBD9576D38DF1AED8C4A9A09C92AAE2007BEB7364D80B934393371D9D1A7C013CDB18C76CEBB5F6B06BE6019
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 600x29, components 3
                  Category:dropped
                  Size (bytes):5163
                  Entropy (8bit):7.785429578841785
                  Encrypted:false
                  SSDEEP:96:/hNjVIlxyq8FWFvNVX4eNRN9j82wyQpRC1ar94ityT:NOYRFaI0u2xQKi4z
                  MD5:BC248F2A852C56FBF317A1D94343DC5B
                  SHA1:E146F4ADF572A110A5BF595A5D76F49F0A52A6A6
                  SHA-256:EB43EBD03ECFA0A2666FDC2A44713A4D37A2F8E6382FE4FAFBE671B4BF6B3DCD
                  SHA-512:779C150C3450625412DF115CB0C7B47EF4DDC91FE57DD0BBC7608A6AE01C4BC81B9DE3162D32BF7575C454078C7D7C1BC25843C27749138BD582064503734390
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):5.254242057812137
                  Encrypted:false
                  SSDEEP:24:2EjjjAGjjjj+rwxry522T/sKKKCKKKNBZ222222222222222222220:hjjjAGjjjaki22T/v22222222222222W
                  MD5:F393F88659D4770DCBB93BB7FE8D33E2
                  SHA1:D50B7340CF600FC42E25CF4C73EA0F9EAE5A3F67
                  SHA-256:5CC4013053F37109CCB730857042B3D27599292CDD521F4D4E06C8EC6E175835
                  SHA-512:FBCB06D35BB15C5CCAB08402E7D6F3BD63B885B2F3A5EC7D27E2C1CB8122247F368144D2BAC80EB918B85415F9059AF9D1794AA872E8126A52D90C0A104A65B1
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):5.47851229739527
                  Encrypted:false
                  SSDEEP:12:mtORb1060Uo2hN/aeeurITeee/WEfHHH8ZPSYA333eU3333jQOrqMQcasggggggy:37hN/1rI1Evn8AYA333h333jQOrqMpE
                  MD5:918AE349668D59E57FFDB0F003F9F82A
                  SHA1:EC4E1F80ED0BAB44845661741D9BAF8720D149B8
                  SHA-256:3612EB0842801333B7BEC1212B5D5CFEADB25B1DDA58EFEEB9538D4B67F60F6F
                  SHA-512:5C0F749FC1EFA6CD3BA1081321F3F8C95C0EE5CCF936682067A63060B81CCF6BCB2049AE38B743AC6B5A3833D1D6E2F527F67A1D6897438D93B700B8E01F875A
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):1.6997952425299336
                  Encrypted:false
                  SSDEEP:12:mtOQPPPPXwRkRz4R4zQRBc2I8Z6g8T2Too8Tn8TyXPPP4:faGHy8Z58T2Tx8Tn8TV
                  MD5:56E8BF98C30DA526B6299C43CA65BAFA
                  SHA1:E2F395C7E03260D173A95CA49D918E403D49892D
                  SHA-256:2CDCD397B4C817ED5B84B3E501E24A7A2C20E8B8030A2104AA94CB43786F8D30
                  SHA-512:6C05CB257FB62A9503E031A347436FD97D1234C601CE8F493EA460B1A320BE7D0488FAB26759DF5268EB89B33370004158246010FA63126C4B63DE42CEC43F5A
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):1.7149898893414623
                  Encrypted:false
                  SSDEEP:12:mtOQPPPPHla0la4CmbmY6m+Ki0wkjObWODwkDPPP4:y3oiShSAWiwv
                  MD5:64E139C0861C42464B1C44479EDF4BA0
                  SHA1:1E8EE7B62C7FE5DF93D680B1216353C910419CEC
                  SHA-256:47680E024FD918A3E3C8DACB06A7B4F76393DC870C90DD23369609119A9CD941
                  SHA-512:C23867CFF8138CD63CA6FFA17BB01F496350EFE60BC7A44B7EC7E3EA9E089BA3C2D3BE379E5957FDB9F19840C4484EB17B8320F470355348AF1E3EC8623782C8
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):5.740188917005376
                  Encrypted:false
                  SSDEEP:24:Ntl55555555hxnLLLLLL0/GiHON55555555tssssssssssssssssssssfsysysyy:Ntl55555555jnLLLLLLViHON5555555E
                  MD5:D7A65DB0708A4F07D167F75D2974FBC8
                  SHA1:C9F14403010A342C15B7B9B409D9ED5423D1A9C5
                  SHA-256:08A345FEB30A7CBFBDACF0D6758A410A762ECD1B9B23E101819711E7494EEE18
                  SHA-512:9113708BF77CCA7D8E06FAC371F503542E1EE227E1928152DFFDAA6688654CD552AC331667C68DBF0FED1DE43F1BB6DDDF72F37F931A7DD12CB2E39EFD625E75
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):5.811361360910699
                  Encrypted:false
                  SSDEEP:24:E44444444444444444444ssTpKt55555555cdLLLLLL7nezezezeCqWNezezezeI:0dM55555555cdLLLLLLLssspsssXc55o
                  MD5:09C1F9B6C28BBEB57DDFAAD001A38308
                  SHA1:7A23076D7B8A2231503ECB27179B99EC33E0528A
                  SHA-256:7AF54C2B3B57BEA4E748688F1219D34E10FEB90A032A391AEC6C37FC842F2B41
                  SHA-512:0704F58E0FDE71C50C392BF4402737DA8BAB3F37E990398E9EE62F054A4F0846421E5578C57E11159E54CF91BC6D68601024F1F6D86B0E6537BFE634AC4AA74D
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):1.648511166583567
                  Encrypted:false
                  SSDEEP:6:mlU0OxmPPPPdOKA4dOYM9dOaS+qdOaQ+qdOKA4PPPPPPP4n:mtOQPPPPdtdyd1S+qd1+dtPPPPPPP4
                  MD5:8ABEDCA8BFC5F6AD09FFA53690F6D880
                  SHA1:A33A152FA37EFFEEFD04FBDF3B7F6743CD1721C9
                  SHA-256:BDB80FA8E0F194464C494D05088FD231C04C80944DF123C2F9B1134F6F693940
                  SHA-512:C2E68762B455BCF8634850E62B27836B1E98A22F15A41E5F4BF6FFB27CC9EDED7DEF2ECBF4233CD9385C3699423D82E6C3A4ACB071172DF45F14C7B9B7E40D15
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                  Category:dropped
                  Size (bytes):1484
                  Entropy (8bit):1.6485111665835668
                  Encrypted:false
                  SSDEEP:12:mtOQPPPPj55555555pjQLLLLLLeHg32j55555555pPPPPPPP4:e55555555BQLLLLLLggq55555555u
                  MD5:0E6DA0BB265F2F3EFBF1FF9C0C943DBA
                  SHA1:F1783685D2A949BA0DEDC59D07698E88083284D9
                  SHA-256:44F1A6729C7B13D0244ADD72775E32980BBF7D082E64F83CE71D2E10C9E96394
                  SHA-512:00AD8BE25EF2DAD6CCAC61FFE2BF9FAFFD46F02B33B730023ED9EE5C8CC9C5FE8A775945FE874EFB0BA786D1C240D524D1AFD8C093151A93EE4B683C9D237F21
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PC bitmap, Windows 3.x format, 1 x 200 x 24, cbSize 854, bits offset 54
                  Category:dropped
                  Size (bytes):854
                  Entropy (8bit):3.802531598764924
                  Encrypted:false
                  SSDEEP:24:kUGGGGGGGGjg/QUVdLbCKKKKKKWqqqqqqr:kGUVdnCKKKKKKWqqqqqqr
                  MD5:4C3DDA35E23D44E273D82F7F4C38470A
                  SHA1:B62BC59F3EED29D3509C7908DA72041BD9495178
                  SHA-256:E728F79439E07DF1AFBCF03E8788FA0B8B08CF459DB31FC8568BC511BF799537
                  SHA-512:AB27A59ECCDCAAB420B6E498F43FDFE857645E5DA8E88D3CFD0E12FE96B3BB8A5285515688C7EEC838BBE6C2A40EA7742A9763CF5438D740756905515D9B0CC5
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:MS Windows icon resource - 2 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel
                  Category:dropped
                  Size (bytes):13430
                  Entropy (8bit):4.460762662440214
                  Encrypted:false
                  SSDEEP:96:5Z9z9ATOwu8FjK/kIiZHFzzzzzzzzzzzzzzzzzzzzzzzzzzz8ACroD3xgp9sFoe7:d9ATOCNIiZHy3eM9sFoe1es6jqOMH
                  MD5:3446EB64A3A4639003C0F6941A3254C6
                  SHA1:D51159EE40B02A5EDB9B115E78CC132D6E35E00B
                  SHA-256:CEA275DBB399BB7BDBB747511CF0316C699221D82EA075D65E4F5688B5EB4831
                  SHA-512:2E019E66BB2EE3055CE3D066CAE2494B2E7EBCB500D4D4F71D0955D3D11F91371977BE94DB453A2CF43680A9E46ECDF2A53CBFE106A744D27B60AB944C753027
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 400x300, components 3
                  Category:dropped
                  Size (bytes):1728
                  Entropy (8bit):0.9300953826985205
                  Encrypted:false
                  SSDEEP:3:nSullBbs1lQQp/yEDpeknmRmm8dmM0+Et3/llE//WmskX8n:3ll7QzDkmm8dmM0R3/lly/Wmsj
                  MD5:EB93C0ABAE8A7DE7AE6DC3755B12C802
                  SHA1:5E288B9AD93663887681F577B8129DCD9B988062
                  SHA-256:EDA260871BBA09273B71A165DC8B4F254B186046AB383722DC2D8803FA698725
                  SHA-512:6B1A9C98A16DC19D417FE7B6DB6B4698036CACB6570816B063341F489B56CDC54769C07337488AA68FA8D9B39FDCCF04C7DFB4C8EBE536ACDF3FA7DE1464BC85
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):879584
                  Entropy (8bit):6.450132498435709
                  Encrypted:false
                  SSDEEP:24576:Vzn8s0t0va/0jt3y0Fq151W8KeCUr7SCHVxF91dJxm:Vjxxvs0jt3y0Fq151WuCUr7SCHVxF91o
                  MD5:512422B1F824D2D0E9C2507469F49476
                  SHA1:03D4E9B61E21011E50B544E361CE89CA47593998
                  SHA-256:E626DF8646359F02EE259B032EA4C34715D5677DA3D70273D02741C061DD6FBB
                  SHA-512:3B2DEDC10F6BC7F437E64C1A375C52DAE77CA6BB515846164C826AB33587E9A9EFCFD559C967FD57A1A5887E4C771352F571E9B38EC6F6FB9C05EA183263FB1F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):879584
                  Entropy (8bit):6.450132498435709
                  Encrypted:false
                  SSDEEP:24576:Vzn8s0t0va/0jt3y0Fq151W8KeCUr7SCHVxF91dJxm:Vjxxvs0jt3y0Fq151WuCUr7SCHVxF91o
                  MD5:512422B1F824D2D0E9C2507469F49476
                  SHA1:03D4E9B61E21011E50B544E361CE89CA47593998
                  SHA-256:E626DF8646359F02EE259B032EA4C34715D5677DA3D70273D02741C061DD6FBB
                  SHA-512:3B2DEDC10F6BC7F437E64C1A375C52DAE77CA6BB515846164C826AB33587E9A9EFCFD559C967FD57A1A5887E4C771352F571E9B38EC6F6FB9C05EA183263FB1F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):582624
                  Entropy (8bit):6.415613552883944
                  Encrypted:false
                  SSDEEP:12288:ouyrLzmZns/b8CCL8f1ViCC7jKwem1j36ZK9CAmzDebZlVlD1FM6w4h:ouy3E89I71ecK85hVZHM6w4h
                  MD5:BB1D68AA6BF943FBD841C1E1695553FE
                  SHA1:BECF40DA1DCABE97CABABB6C7FF6A74CB6DE1C9B
                  SHA-256:B2CE736EC48D6E9247074FBCEC33246AAD61F4D3AC2007AC4D8BC74FFB8C1342
                  SHA-512:8CB6B2DF8D9163F2D0E5CBE128C9C33120C9358C2B453FE2B0B63F1919B731E856C3121AF305C916F80B2DDC9ECA23201B47151535A8211EAE40602A5CCC5BE8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  File Type:MS Windows cursor resource - 1 icon, 32x32, hotspot @17x18
                  Category:dropped
                  Size (bytes):4286
                  Entropy (8bit):2.676691915576555
                  Encrypted:false
                  SSDEEP:24:FInRYRMel9WkPaaecMMMa7AldlJkLoLH2LBLYLYLYG+Gf/l0cLD0OLS3:T+k2TXiqbOs
                  MD5:34F02B2D1D8065C1A298C348C5376F2D
                  SHA1:8A235C97C4EAE5646E72A9B13ECB04C678F25BA0
                  SHA-256:A0D7D99C13CE5CCEE7FE7E1E214EE38A4DC9C66257C3218BAF776FCEAAF71680
                  SHA-512:3B1481238344C3C270CB8095AD82CC522971ADB3EF881DC9D9228CF46A421360E8CA5A8028C409F0D40356F7453AFA533E9F6C8FC410893D4D04BBB3DAB6E954
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):5029376
                  Entropy (8bit):6.043966698117163
                  Encrypted:false
                  SSDEEP:49152:g8K9SHC3eUPxT0YiBphmS3ECuqOcXQ5WJ0yk5/oeppK5+X5TqVAMPLfByim8bs7q:gw+TKhmPCAoxjVAbiT
                  MD5:4E355F8ABA069B8EC0316F0D914C1B25
                  SHA1:22993A98AB9F427013787C742BB332AB459FEAD4
                  SHA-256:309D867526B22682C7FCC74FCA264A4314C2382508DB0B297FBB00390687739B
                  SHA-512:0A1CD8C43A6C356ED93CFC5A5B95C110DECBA2756C231627A573158F41011379545650AB1364ECFE0022C7A13E8D7A84A52AF5A7F624B496756799BFF8C3AA19
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):5029376
                  Entropy (8bit):6.043966698117163
                  Encrypted:false
                  SSDEEP:49152:g8K9SHC3eUPxT0YiBphmS3ECuqOcXQ5WJ0yk5/oeppK5+X5TqVAMPLfByim8bs7q:gw+TKhmPCAoxjVAbiT
                  MD5:4E355F8ABA069B8EC0316F0D914C1B25
                  SHA1:22993A98AB9F427013787C742BB332AB459FEAD4
                  SHA-256:309D867526B22682C7FCC74FCA264A4314C2382508DB0B297FBB00390687739B
                  SHA-512:0A1CD8C43A6C356ED93CFC5A5B95C110DECBA2756C231627A573158F41011379545650AB1364ECFE0022C7A13E8D7A84A52AF5A7F624B496756799BFF8C3AA19
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2481176
                  Entropy (8bit):6.100333901416379
                  Encrypted:false
                  SSDEEP:49152:Av9xJSbZqueIWHIX0YQdGMuFMAMc9mqIHEMY3SvV29rUYJTDSE8mjPiHH9O:m9xJSbhWHIX0YQdGMup9mqIkllT
                  MD5:DC3681F8C976FAA5715EE4D176C3492E
                  SHA1:8452A4F02C13AF84DDE5E301CC86BFF2E2AE9FBD
                  SHA-256:F11B529F53F772B78065E26C4591218F96749F91CF948765E65EFB0EC6BB38B2
                  SHA-512:EE8D0E515E1A6CA96FB41134ED6993B33DC3C4C6B86EDCDC9BD2A28C0E9F7E2B8AB97E668E03C727749115CB5FFCAAE4BB3434D7AB31BAB3ADF60E49931619A8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {6C75B81B-981D-442D-A5A0-90A54B9CEE12}, Number of Words: 2, Subject: ReefMaster Sonar Viewer, Author: ReefMaster Software, Name of Creating Application: Advanced Installer 18.4 build dbc44dbf, Template: ;2057, Comments: This installer database contains the logic and data required to install ReefMaster Sonar Viewer., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                  Category:dropped
                  Size (bytes):2985984
                  Entropy (8bit):6.303297913708596
                  Encrypted:false
                  SSDEEP:49152:ylC4lMzxivVXmmjxxvs0jt3y0Fq151WuCUr7SCHVxF91dJxm5uyJ9MecKchVZHMs:2CdxAvs1151fCU6uyJ+edKF1x
                  MD5:6935DF02FD58049EE8176FD44A9ABB89
                  SHA1:82299610B613392E5AC35A10E58F50DE56B72EAB
                  SHA-256:A231F747CFE743967525843B1118DC1FCD04C93D2DA3B14EA3D45BA45FC7BE75
                  SHA-512:5A4B80FE80F4AFFD02C5BAF6714F06A6E56B8DBEE5040C39E1D6F8DA17880D578AB678144422C1270CAF15C797B131C2E972427E413846335D86F278CA530BB4
                  Malicious:false
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:Microsoft Cabinet archive data, many, 16746799 bytes, 35 files, at 0x44 +A "DevComponents.WPF.Controls.dll" +A "DevComponents.WPF.Metro.dll", flags 0x4, ID 1234, number 1, extra bytes 20 in head, 1125 datablocks, 0x1 compression
                  Category:dropped
                  Size (bytes):16755791
                  Entropy (8bit):7.999357812472931
                  Encrypted:true
                  SSDEEP:393216:JEzZG1XgP0gEcyb7HzWt6zl4T+NAcemT+MqrWZ:JEsVgP0DX4G4ToAHmi3r8
                  MD5:AD86105490F00540B14C927E53DCA56C
                  SHA1:3C014B42E309B2F52143FD75EF8574CBA692E5F1
                  SHA-256:D1B01483B94171E1AFC312862D0B389D0FD35447AB339D657B44BAFE15CC7340
                  SHA-512:80E6F59045D4090F781F0B7F5E4FA7814E699FBA86F3E903868D00D201E47F326030CE1E4BB681EAF5E5F573E8E1A969B2D950F6E36BC32E8919DDFF1A3A3464
                  Malicious:false
                  Preview:MSCF..../.......D...........#.............../... #..............e...(..........Q.| .DevComponents.WPF.Controls.dll.(...(......Q.| .DevComponents.WPF.Metro.dll.(...P......Q.| .DevComponents.WpfRibbon.dll.....x./....D.. .DotSpatial.Positioning.dll.....x.5....Q.| .FileDb.dll..p..x.6...uT.M .ReefMaster.Core.dll..@..x.7...uT.M .ReefMaster.FileHandling.dll.....xY8...uT.M .ReefMaster.Models.dll..~..x#9...uT.M .ReefMaster.ViewModels.dll.....x.9...uT.M .ReefMasterSonarViewer.exe.....X.T...]E.. .SharpDX.D3DCompiler.dll.....XdU...]E.. .SharpDX.Direct3D11.dll..V..X.X...]E.. .SharpDX.Direct3D9.dll.....XX]...]E.. .SharpDX.dll..b..X.e...]E.. .SharpDX.DXGI.dll.....X>g...<Q`F .TurboActivate.dat.....-Ng...<Q.U .TurboActivate.dll......z...<Q.U .TurboActivate.exe.......~...<Q.U .TurboActivate64.dll.(m........Q.| .DevComponents.WpfEditors.dll...... ....uT.M .ReefMasterSonarViewer.resources.dll..,...N....uT.M .ReefMasterSonarViewer.resources.dll_1..,...z....uT.M .ReefMasterSonarViewer.resources.dll_2..(..
                  Process:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):16755791
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:3D81EC9B1302D31FB966D2EA1F913D51
                  SHA1:8579CA2B58B000F69D0806BCD6FB58EFBEEE3D9F
                  SHA-256:1118D9A6F6CC5ABAE3462150FAB58CC3A32E40FBBBA6B6592F6A716862E3177A
                  SHA-512:DACE759D4F77C59DFEED79D51EBBAF7E83142A489F7E3994C915ABF5A2E6E3F04BE979E18288FC1B188BC963664970F988E3E02258B1CD6C17EA42419B54D167
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Mar 21 06:46:04 2022, mtime=Thu Apr 25 19:06:45 2024, atime=Mon Mar 21 06:46:04 2022, length=1775328, window=hide
                  Category:dropped
                  Size (bytes):1440
                  Entropy (8bit):4.501481288691746
                  Encrypted:false
                  SSDEEP:24:8tkw2dOEStsEQ9x/1wMmA4YaJuMCod9EcMLd9EyUU/kslesl/nyfm:8Ow2dOptlQ9Vd4YUCodm9LdmzcDRw
                  MD5:F8D4831DC080CFFFEAB5B55EC36461EE
                  SHA1:7B78F6D133C93B6C6A1F4FE27A178A71FF8B8FE4
                  SHA-256:EF35F355FC09572114E67D06275D5C5A5B01DAA00E3C6110F0DE5CC9D364FA67
                  SHA-512:93B6A7C449C87878EB64B1E696E2A63326408DA2909D1F77B9B3A2E0A6AECE835B563C0EEFBACCCC618F986E825A9AAD4C5BBA9C4BA241858086662ADE8D9B42
                  Malicious:false
                  Preview:L..................F.... ....Fv..<..b...L....Fv..<........................../....P.O. .:i.....+00.../C:\.....................1......X...PROGRA~2.........O.I.X..... t..............V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....p.1......X...REEFMA~1..X......X..X......4........................R.e.e.f.M.a.s.t.e.r. .S.o.f.t.w.a.r.e.....x.1......X...REEFMA~1..`......X..X......4.....................9..R.e.e.f.M.a.s.t.e.r. .S.o.n.a.r. .V.i.e.w.e.r.......2.....uT.= .REEFMA~1.EXE..d......uT.=.X......4........................R.e.e.f.M.a.s.t.e.r.S.o.n.a.r.V.i.e.w.e.r...e.x.e.......................-....................>.p.....C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe....R.e.e.f.M.a.s.t.e.r.S.o.n.a.r.V.i.e.w.e.r...e.x.e.b.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.e.e.f.M.a.s.t.e.r. .S.o.f.t.w.a.r.e.\.R.e.e.f.M.a.s.t.e.r. .S.o.n.a.r. .V.i.e.w.e.r.\.R.e.e.f.M.a.s.t.e.r.S.o.
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {6C75B81B-981D-442D-A5A0-90A54B9CEE12}, Number of Words: 2, Subject: ReefMaster Sonar Viewer, Author: ReefMaster Software, Name of Creating Application: Advanced Installer 18.4 build dbc44dbf, Template: ;2057, Comments: This installer database contains the logic and data required to install ReefMaster Sonar Viewer., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                  Category:dropped
                  Size (bytes):2985984
                  Entropy (8bit):6.303297913708596
                  Encrypted:false
                  SSDEEP:49152:ylC4lMzxivVXmmjxxvs0jt3y0Fq151WuCUr7SCHVxF91dJxm5uyJ9MecKchVZHMs:2CdxAvs1151fCU6uyJ+edKF1x
                  MD5:6935DF02FD58049EE8176FD44A9ABB89
                  SHA1:82299610B613392E5AC35A10E58F50DE56B72EAB
                  SHA-256:A231F747CFE743967525843B1118DC1FCD04C93D2DA3B14EA3D45BA45FC7BE75
                  SHA-512:5A4B80FE80F4AFFD02C5BAF6714F06A6E56B8DBEE5040C39E1D6F8DA17880D578AB678144422C1270CAF15C797B131C2E972427E413846335D86F278CA530BB4
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):389088
                  Entropy (8bit):6.407622461640331
                  Encrypted:false
                  SSDEEP:6144:oU31g3l9zvDqI11f/hdMDTSJIfLmoAOrvVKWsO+6Cd:z4lAIv/hdcXRpvVXCd
                  MD5:44A7B7525B79F0DEBF1B8E974FEDD351
                  SHA1:03BAF0D9DA00A2B9DFB0818D611956C3FF7B10EB
                  SHA-256:B91626906FBFBF40B95651FA6028A4600B9C55D29F39948A28D7D2DEBDB31880
                  SHA-512:38AEEC4D9E54A0DC459FB299E400B63320C57840AFDDCC64DBD7CA02F9986525CB442F5EFF4C43B681DA0AEC71FDFA763D00DC72849C01173D719F995514B9C0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........s.P..}...}...}..y~...}..yx.-.}..gy...}..g~...}..gx...}..yy...}..y{...}..y|...}...|...}..gt...}..g}...}..g....}.......}..g....}.Rich..}.........................PE..L......`.........."!................G]....................................................@.........................0...................0........................?..(...p...............................@............... ............................text.../........................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc...?.......@..................@..B........................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):582624
                  Entropy (8bit):6.415613552883944
                  Encrypted:false
                  SSDEEP:12288:ouyrLzmZns/b8CCL8f1ViCC7jKwem1j36ZK9CAmzDebZlVlD1FM6w4h:ouy3E89I71ecK85hVZHM6w4h
                  MD5:BB1D68AA6BF943FBD841C1E1695553FE
                  SHA1:BECF40DA1DCABE97CABABB6C7FF6A74CB6DE1C9B
                  SHA-256:B2CE736EC48D6E9247074FBCEC33246AAD61F4D3AC2007AC4D8BC74FFB8C1342
                  SHA-512:8CB6B2DF8D9163F2D0E5CBE128C9C33120C9358C2B453FE2B0B63F1919B731E856C3121AF305C916F80B2DDC9ECA23201B47151535A8211EAE40602A5CCC5BE8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........RDD.<.D.<.D.<.P.?.I.<.P.9...<...8.U.<...?.S.<.P.8.S.<...9...<.P.:.E.<.P.=.S.<.D.=.{.<...5...<...<.E.<.....E.<.D..E.<...>.E.<.RichD.<.........PE..L......`.........."!.....D..........p7.......`............................................@.........................``......|a..........h........................X..X...p...........................hs..@............`......$^..@....................text....B.......D.................. ..`.rdata..|....`.......H..............@..@.data................\..............@....rsrc...h............j..............@..@.reloc...X.......Z...p..............@..B........................................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):315467
                  Entropy (8bit):3.7642619029995705
                  Encrypted:false
                  SSDEEP:1536:3dUccIEsO8dXuwRyyRyyRyyRyyRyyRyyRyyRyyRyyRyyRyyRyyRyhrcx18V:NUcpO6f8V
                  MD5:40C9F0A40A5CA72A3F3B50E7C4B59A68
                  SHA1:E90FFE7921DF0996DADD4CC2B587D5EE8582537A
                  SHA-256:9DD5875D0EF6C1477B580E63D44F5E0A0B910D81E75CD243920F3C6B4B28C17F
                  SHA-512:1D96AD32D6FCE7D2955174098746DD973F0FFCD67FAB211FB74BA30CD9852FE558CF6207BEF34FB26F6B26793600B1BA1224A815FEF0B8EA3D5638FDE892913B
                  Malicious:false
                  Preview:...@IXOS.@.....@..X.@.....@.....@.....@.....@.....@......&.{53A352F5-DB53-4EE6-976A-81BBB0A97267}..ReefMaster Sonar Viewer..ReefMasterSonarViewer1.1.42.msi.@.....@*....@.....@......reefmasterlogo.exe..&.{6C75B81B-981D-442D-A5A0-90A54B9CEE12}.....@.....@.....@.....@.......@.....@.....@.......@......ReefMaster Sonar Viewer......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@!....@.....@.]....&.{EDD28E99-81DF-4D00-9FE4-8E25DE24D41F}d.02:\Software\Microsoft\Windows\CurrentVersion\Uninstall\ReefMaster Sonar Viewer 1.1.42.0\DisplayName.@.......@.....@.....@......&.{700D0461-E6FF-4312-906E-3873294A6DCF}g.02:\Software\Caphyon\Advanced Installer\LZMA\{53A352F5-DB53-4EE6-976A-81BBB0A97267}\1.1.42.0\AI_ExePath.@.......@.....@.....@......&.{DD25CC1C-F23D-4C47-83F8-91E6C1153639}a.C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\DevComponents.WPF.Controls.dll.@.......@....
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.2216037966867472
                  Encrypted:false
                  SSDEEP:12:JSbX72FjwsXAlfLIlHuRp/hG7777777777777777777777777ZDHFsTpLC8nb/NJ:JlUIwuuTRBccF
                  MD5:1D32775FBD4552A611E9BE39962613CA
                  SHA1:4D60BBDB7A96B1B1BA3C2AFE4ECE5E08F89A9C69
                  SHA-256:98E27255DADDF79B12D7C2AE9209D930AEBD4C8245B2432B405F770B9BFF9158
                  SHA-512:4B0CECDB4733CC73471C105BFD6A50502563637BAC37FF79086E7D905C46CDDCB402A5CC476C60F8C7A6CD95DC08460F7672630DCD0A03ABBEA77EC7AFDEB116
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.9214845864679184
                  Encrypted:false
                  SSDEEP:96:Bhu1/FTL3XRCsuaVZYdAdXx9dNwIra5ZPtRCef:6193nfua7YCdbLoV7f
                  MD5:4E0ECDC852540FAD50BCCA7728A9E949
                  SHA1:A30693D19E0D3C2B8F7800B01F81A1DB342903A4
                  SHA-256:FFB758E9593D1C0DC25AE8C9C995378931C33D19530E05B1BCEBB2227AF2BBD1
                  SHA-512:779C465AE3ED3C0B83F114B1E20D3E1C5FDAE07A1C592B84106C5FD2CD68224FDEDC6253BA5FFA6466669D22940340E04ECAFBB421562B5DDA51F3D1A14E83CC
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:MS Windows icon resource - 10 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                  Category:dropped
                  Size (bytes):295606
                  Entropy (8bit):3.4332663402999004
                  Encrypted:false
                  SSDEEP:1536:iccIEsO8dXuwRyyRyyRyyRyyRyyRyyRyyRyyRyyRyyRyyRyyRyhrcx1i:icpO6fi
                  MD5:0EA9B052CA08C55BD2B29C035B0CDBB6
                  SHA1:6892F95F9B54864B78B1C9828FE11131FC58AAA1
                  SHA-256:C4F5A0557348F0C43C0EDAAEDD24704AF1BE2C75256E10DA97B8FEFEBA89F992
                  SHA-512:EA3649A4491D174411591B96E4DEFBB113B0191EC1D435D3339AD295DA311CE88AB93823F00F6D8F2E4AC5FDFE5A61E3EBF8830A619634639495031DB84D0AA1
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):871616
                  Entropy (8bit):5.41328200088046
                  Encrypted:false
                  SSDEEP:6144:TFfxq8RfKF0Dux6lvJ3c7v/3d4J588q7P:TFfxq8xKCE6lVcbGJe7P
                  MD5:531BD88CDEE606843471066252132D26
                  SHA1:DFA5234439C78A450B1A66353D3E162801BF0DB0
                  SHA-256:0C7A9B3C95827D5857D5443AFC727561B1B9EC6849F8E6D87DC4509877AA75E9
                  SHA-512:4F589BE5FA13BB1C7C63F629D3457C1E8AF2AF0AAD8C6477F3E4B19971261EA9E44FFC91356B515BF9FFC2327539A5DCA87285B4AAD913598EF8FDFE785636F5
                  Malicious:false
                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 09:59:37.236 [4684]: Command line: D:\wd\compilerTemp\BMT.i51yo0aa.beh\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 09:59:37.255 [4684]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 09:59:37.299 [4684]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 09:59:37.299 [4684]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 09:59:37.299 [
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.5125379467179996
                  Encrypted:false
                  SSDEEP:96:sm+1TLQ3XRCsuaVZYdAdXx9dNwIra5ZPtRCef:t+1fQnfua7YCdbLoV7f
                  MD5:493D77E1FE9FF0E7EC348DEC2F27C958
                  SHA1:04D4115D8A862CA901C6E58B6944833F19D337C4
                  SHA-256:AB1AC256D4A3A938610EEE378885C20A5637338557BC7830C752E3D42D90D8AB
                  SHA-512:4F26DBEF4CC2F7C700007E8398769F7DA9ABA776F2E6368EFDFBE128B3A9C5E1B2D98F18E164E25128A9F88289D9CC2636351703589DBD3E69FEA89598ED0AC1
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):73728
                  Entropy (8bit):0.2728494982326228
                  Encrypted:false
                  SSDEEP:48:A5TsAEkrCytdmSSkdmlAEkrCytdmb8xFtAajBZYdGvdGWSkdmi9dG2v9fhyFDul+:A5RCeTRCsuaVZYdAdXx9dNwIra5ZPv/
                  MD5:ECC4369826A0A6D70B718DE7ABB31A99
                  SHA1:0AF7AAEB41417EC0000A843D56833E76E2131EEF
                  SHA-256:9D1E043DEB23C476AFDCCB19B7FB1F10446AE507D39E4AA4BD10752E0AB39A60
                  SHA-512:622D906F544156039CA019096628672BB35EA5F41FBBD3E8C2B0FDB75B5B96B4A048877540A4743FBDC277A84EB2781E1122051DF25E667750C3B4F0CF182899
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.11311568594324148
                  Encrypted:false
                  SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOUldvKYl10ReMkHJ5CSocl1b/QReMkHJ9lqVky6lNk:50i8n0itFzDHFsTpLC8nb/NvbNM1
                  MD5:32204ACA3ADD31272B5011F8D0F3ABF5
                  SHA1:DE549904732F777EC4BEEEBF2FDE9C7D6C941D34
                  SHA-256:A56A05331F180632E747455EA4D2F721A0F6655905618F446CE800368A6D568B
                  SHA-512:2657BC3663C8709CE47269AD4880C372225C99D23FC2D9FD4EAE5BF344227056F07E799C6E0DD3AEC4CDA93B3E9ACF90AC8E2771C60DB541EBAF6C7D27B58AC5
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.5125379467179996
                  Encrypted:false
                  SSDEEP:96:sm+1TLQ3XRCsuaVZYdAdXx9dNwIra5ZPtRCef:t+1fQnfua7YCdbLoV7f
                  MD5:493D77E1FE9FF0E7EC348DEC2F27C958
                  SHA1:04D4115D8A862CA901C6E58B6944833F19D337C4
                  SHA-256:AB1AC256D4A3A938610EEE378885C20A5637338557BC7830C752E3D42D90D8AB
                  SHA-512:4F26DBEF4CC2F7C700007E8398769F7DA9ABA776F2E6368EFDFBE128B3A9C5E1B2D98F18E164E25128A9F88289D9CC2636351703589DBD3E69FEA89598ED0AC1
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.9214845864679184
                  Encrypted:false
                  SSDEEP:96:Bhu1/FTL3XRCsuaVZYdAdXx9dNwIra5ZPtRCef:6193nfua7YCdbLoV7f
                  MD5:4E0ECDC852540FAD50BCCA7728A9E949
                  SHA1:A30693D19E0D3C2B8F7800B01F81A1DB342903A4
                  SHA-256:FFB758E9593D1C0DC25AE8C9C995378931C33D19530E05B1BCEBB2227AF2BBD1
                  SHA-512:779C465AE3ED3C0B83F114B1E20D3E1C5FDAE07A1C592B84106C5FD2CD68224FDEDC6253BA5FFA6466669D22940340E04ECAFBB421562B5DDA51F3D1A14E83CC
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.9214845864679184
                  Encrypted:false
                  SSDEEP:96:Bhu1/FTL3XRCsuaVZYdAdXx9dNwIra5ZPtRCef:6193nfua7YCdbLoV7f
                  MD5:4E0ECDC852540FAD50BCCA7728A9E949
                  SHA1:A30693D19E0D3C2B8F7800B01F81A1DB342903A4
                  SHA-256:FFB758E9593D1C0DC25AE8C9C995378931C33D19530E05B1BCEBB2227AF2BBD1
                  SHA-512:779C465AE3ED3C0B83F114B1E20D3E1C5FDAE07A1C592B84106C5FD2CD68224FDEDC6253BA5FFA6466669D22940340E04ECAFBB421562B5DDA51F3D1A14E83CC
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.5125379467179996
                  Encrypted:false
                  SSDEEP:96:sm+1TLQ3XRCsuaVZYdAdXx9dNwIra5ZPtRCef:t+1fQnfua7YCdbLoV7f
                  MD5:493D77E1FE9FF0E7EC348DEC2F27C958
                  SHA1:04D4115D8A862CA901C6E58B6944833F19D337C4
                  SHA-256:AB1AC256D4A3A938610EEE378885C20A5637338557BC7830C752E3D42D90D8AB
                  SHA-512:4F26DBEF4CC2F7C700007E8398769F7DA9ABA776F2E6368EFDFBE128B3A9C5E1B2D98F18E164E25128A9F88289D9CC2636351703589DBD3E69FEA89598ED0AC1
                  Malicious:false
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):7.669411944067391
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 98.81%
                  • Windows ActiveX control (116523/4) 1.15%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:ReefMasterSonarViewer1.1.42.exe
                  File size:24'704'432 bytes
                  MD5:c62866600614868da4941c5346ff120a
                  SHA1:ed20d35ef4551846302185f94275553b2f3c85a3
                  SHA256:0575af1327f2ad125653e40d15abde6dbabb9de5e628fa674c122f95a6c1c55a
                  SHA512:8f8ec015176fcd82963bc302cc52f7d6924e044aa9247a15dc9120ea9af4fdfcd2be9c08fd3c68900e424dc24267f93dc518409b81cdcd2392c74ac275f00956
                  SSDEEP:393216:EPJS6S95BPJS6S95BbiuyJKEzZG1XgP0gEcyb7HzWt6zl4T+NAcemT+MqrWZe:EPJTGPJTibQKEsVgP0DX4G4ToAHmi3r/
                  TLSH:28470131368AC52BE56A25B0562CD7BF5369BFB40FB144D7A3D46D6E09B08C25332E23
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u.."1..q1..q1..q%..p<..q%..p...q%..p0..qc..p"..qc..p&..qc..pS..q%..p(..q%..p2..q%..p0..q1..q...qg..p...qg..q0..q1.zq0..qg..p0..
                  Icon Hash:cf37214f373271db
                  Entrypoint:0x52e951
                  Entrypoint Section:.text
                  Digitally signed:true
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Time Stamp:0x60DA0E9C [Mon Jun 28 18:02:04 2021 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:0
                  File Version Major:6
                  File Version Minor:0
                  Subsystem Version Major:6
                  Subsystem Version Minor:0
                  Import Hash:0ab020de3096b6aafb4fadfac4d16825
                  Signature Valid:true
                  Signature Issuer:CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                  Signature Validation Error:The operation completed successfully
                  Error Number:0
                  Not Before, Not After
                  • 16/10/2020 01:00:00 17/10/2022 00:59:59
                  Subject Chain
                  • CN=Reefmaster Software Limited, O=Reefmaster Software Limited, STREET="2 Burlow Close, Birdham", L=Chichester, S=West Sussex, PostalCode=PO20 7ES, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=08513204
                  Version:3
                  Thumbprint MD5:7F92CCEE177FB2EDD75232FFFC76FC3A
                  Thumbprint SHA-1:33D58ACDCD34236239B763432E56B664BF545F19
                  Thumbprint SHA-256:5F8794BB10E2D2B85804E93904F2DBA010ACCF09915F14DE37368D163E672AF8
                  Serial:514996D1A02091363A69BBF5FD0586E5
                  Instruction
                  call 00007F6A04559653h
                  jmp 00007F6A04558E5Fh
                  int3
                  int3
                  int3
                  int3
                  int3
                  push ecx
                  lea ecx, dword ptr [esp+08h]
                  sub ecx, eax
                  and ecx, 0Fh
                  add eax, ecx
                  sbb ecx, ecx
                  or eax, ecx
                  pop ecx
                  jmp 00007F6A0455973Fh
                  push ecx
                  lea ecx, dword ptr [esp+08h]
                  sub ecx, eax
                  and ecx, 07h
                  add eax, ecx
                  sbb ecx, ecx
                  or eax, ecx
                  pop ecx
                  jmp 00007F6A04559729h
                  mov ecx, dword ptr [ebp-0Ch]
                  mov dword ptr fs:[00000000h], ecx
                  pop ecx
                  pop edi
                  pop edi
                  pop esi
                  pop ebx
                  mov esp, ebp
                  pop ebp
                  push ecx
                  ret
                  mov ecx, dword ptr [ebp-10h]
                  xor ecx, ebp
                  call 00007F6A04558482h
                  jmp 00007F6A04558FC2h
                  push eax
                  push dword ptr fs:[00000000h]
                  lea eax, dword ptr [esp+0Ch]
                  sub esp, dword ptr [esp+0Ch]
                  push ebx
                  push esi
                  push edi
                  mov dword ptr [eax], ebp
                  mov ebp, eax
                  mov eax, dword ptr [005E7024h]
                  xor eax, ebp
                  push eax
                  push dword ptr [ebp-04h]
                  mov dword ptr [ebp-04h], FFFFFFFFh
                  lea eax, dword ptr [ebp-0Ch]
                  mov dword ptr fs:[00000000h], eax
                  ret
                  push eax
                  push dword ptr fs:[00000000h]
                  lea eax, dword ptr [esp+0Ch]
                  sub esp, dword ptr [esp+0Ch]
                  push ebx
                  push esi
                  push edi
                  mov dword ptr [eax], ebp
                  mov ebp, eax
                  mov eax, dword ptr [005E7024h]
                  xor eax, ebp
                  push eax
                  mov dword ptr [ebp-10h], eax
                  push dword ptr [ebp-04h]
                  mov dword ptr [ebp-04h], FFFFFFFFh
                  lea eax, dword ptr [ebp-0Ch]
                  mov dword ptr fs:[00000000h], eax
                  ret
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e5cfc | 0x28 | .rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1ee000 | 0x55418 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x178d2d0 | 0x22e0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x244000 | 0x1a020 | .reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1ac9d8 | 0x70 | .rdata
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x1aca80 | 0x18 | .rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x188e88 | 0x40 | .rdata
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x187000 | 0x2c0 | .rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1e3398 | 0x260 | .rdata
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0x185f6f | 0x186000 | 41c1691bc28353db6100da452e68821c | False | 0.4492869841746795 | data | 6.4236673961936726 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata | 0x187000 | 0x5fcf4 | 0x5fe00 | 20e7e3bd8a324db12e02facbf23c05e5 | False | 0.32477387548891784 | data | 4.589343729337878 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data | 0x1e7000 | 0x6e78 | 0x5600 | f7eea52421e219bdf926c3c7782773d9 | False | 0.13063226744186046 | data | 2.033793940154847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rsrc | 0x1ee000 | 0x55418 | 0x55600 | 42e3c7f8fa8cd2ed2dc881ca112cc24f | False | 0.10617793740849195 | data | 3.69681268327221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc | 0x244000 | 0x1a020 | 0x1a200 | bc7fa05dd1b07961e7cf4ed7add5db3b | False | 0.5056444377990431 | data | 6.570406888811746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                  IMAGE_FILE | 0x1eeb18 | 0x6 | ISO-8859 text, with no line terminators | English | Great Britain | 2.1666666666666665
                  IMAGE_FILE | 0x1eeb20 | 0x6 | ISO-8859 text, with no line terminators | English | Great Britain | 2.1666666666666665
                  RTF_FILE | 0x1eeb28 | 0x2e9 | Rich Text Format data, version 1, ANSI, code page 1252 | English | Great Britain | 0.5503355704697986
                  RTF_FILE | 0x1eee14 | 0xa1 | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | English | Great Britain | 0.906832298136646
                  RT_BITMAP | 0x1eeeb8 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547
                  RT_BITMAP | 0x1eeff8 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345
                  RT_BITMAP | 0x1ef820 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527
                  RT_BITMAP | 0x1f40c8 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257
                  RT_BITMAP | 0x1f4b34 | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681
                  RT_BITMAP | 0x1f4c88 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065
                  RT_ICON | 0x1f54b0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.4445121951219512
                  RT_ICON | 0x1f5b18 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.571236559139785
                  RT_ICON | 0x1f5e00 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6824324324324325
                  RT_ICON | 0x1f5f28 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.4562899786780384
                  RT_ICON | 0x1f6dd0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.46435018050541516
                  RT_ICON | 0x1f7678 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.3591040462427746
                  RT_ICON | 0x1f7be0 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | Great Britain | 0.0600349143415096
                  RT_ICON | 0x239c08 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.2534232365145228
                  RT_ICON | 0x23c1b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.3271575984990619
                  RT_ICON | 0x23d258 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.575354609929078
                  RT_MENU | 0x23d6c0 | 0x5c | data | English | Great Britain | 0.9021739130434783
                  RT_MENU | 0x23d71c | 0x2a | data | English | Great Britain | 1.0714285714285714
                  RT_DIALOG | 0x23d748 | 0xac | data | English | Great Britain | 0.7151162790697675
                  RT_DIALOG | 0x23d7f4 | 0x2a6 | data | English | Great Britain | 0.5162241887905604
                  RT_DIALOG | 0x23da9c | 0x3b4 | data | English | Great Britain | 0.43248945147679324
                  RT_DIALOG | 0x23de50 | 0xbc | data | English | Great Britain | 0.7180851063829787
                  RT_DIALOG | 0x23df0c | 0x204 | data | English | Great Britain | 0.562015503875969
                  RT_DIALOG | 0x23e110 | 0x282 | data | English | Great Britain | 0.48286604361370716
                  RT_DIALOG | 0x23e394 | 0xcc | data | English | Great Britain | 0.6911764705882353
                  RT_DIALOG | 0x23e460 | 0x146 | data | English | Great Britain | 0.5828220858895705
                  RT_DIALOG | 0x23e5a8 | 0x226 | data | English | Great Britain | 0.4709090909090909
                  RT_DIALOG | 0x23e7d0 | 0x388 | data | English | Great Britain | 0.4579646017699115
                  RT_DIALOG | 0x23eb58 | 0x1b4 | data | English | Great Britain | 0.5458715596330275
                  RT_DIALOG | 0x23ed0c | 0x136 | data | English | Great Britain | 0.6064516129032258
                  RT_DIALOG | 0x23ee44 | 0x4c | data | English | United States | 0.8289473684210527
                  RT_STRING | 0x23ee90 | 0x458 | data | English | Great Britain | 0.3839928057553957
                  RT_STRING | 0x23f2e8 | 0x344 | data | English | Great Britain | 0.37320574162679426
                  RT_STRING | 0x23f62c | 0x2f8 | data | English | Great Britain | 0.4039473684210526
                  RT_STRING | 0x23f924 | 0x598 | data | English | Great Britain | 0.2807262569832402
                  RT_STRING | 0x23febc | 0x3aa | StarOffice Gallery theme i, 1627418368 objects, 1st n | English | Great Britain | 0.4211087420042644
                  RT_STRING | 0x240268 | 0x5c0 | data | English | Great Britain | 0.3498641304347826
                  RT_STRING | 0x240828 | 0x568 | data | English | Great Britain | 0.32875722543352603
                  RT_STRING | 0x240d90 | 0x166 | data | English | Great Britain | 0.5418994413407822
                  RT_STRING | 0x240ef8 | 0x520 | data | English | Great Britain | 0.39176829268292684
                  RT_STRING | 0x241418 | 0x1a0 | data | English | Great Britain | 0.45913461538461536
                  RT_STRING | 0x2415b8 | 0x18a | data | English | United States | 0.5228426395939086
                  RT_STRING | 0x241744 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077
                  RT_STRING | 0x24195c | 0x624 | data | English | United States | 0.3575063613231552
                  RT_STRING | 0x241f80 | 0x660 | data | English | United States | 0.3474264705882353
                  RT_STRING | 0x2425e0 | 0x2a8 | data | English | United States | 0.3985294117647059
                  RT_GROUP_ICON | 0x242888 | 0x92 | data | English | Great Britain | 0.6301369863013698
                  RT_VERSION | 0x24291c | 0x380 | data | English | Great Britain | 0.39955357142857145
                  RT_MANIFEST | 0x242c9c | 0x77b | XML 1.0 document, ASCII text, with CRLF line terminators | English | Great Britain | 0.4
                  DLL | Import
                  KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, RemoveDirectoryW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, SetEvent, InitializeCriticalSection, lstrcpynW, WaitForSingleObject, CreateThread, GetProcAddress, LoadLibraryExW, DecodePointer, Sleep, GetDiskFreeSpaceExW, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetModuleHandleW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindFirstFileW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SystemTimeToFileTime, FindClose, MultiByteToWideChar, WideCharToMultiByte, GetCurrentProcess, GetSystemInfo, WaitForMultipleObjects, ReadConsoleW, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetEnvironmentStringsW, FormatMessageW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetFullPathNameW, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, CreateProcessW, GetExitCodeProcess, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetLocaleInfoW, GetSystemDefaultLangID, GetUserDefaultLangID, GetWindowsDirectoryW, GetSystemTime, GetDateFormatW, GetTimeFormatW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, GetLocalTime, CreateNamedPipeW, ConnectNamedPipe, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, IsDebuggerPresent, EncodePointer, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, QueryPerformanceCounter, QueryPerformanceFrequency, LCMapStringEx, GetSystemTimeAsFileTime, CompareStringEx, GetCPInfo, WaitForSingleObjectEx, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetFileType, GetTimeZoneInformation, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetConsoleMode, IsValidCodePage, GetACP, GetOEMCP, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, WriteConsoleW
                  Language of compilation system | Country where language is spoken | Map
                  English | Great Britain |
                  English | United States |
                  Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                  04/25/24-22:06:57.533542 | TCP | 2834928 | ETPRO MALWARE Observed Suspicious UA (AdvancedInstaller) | 50378 | 80 | 192.168.11.20 | 20.60.80.196
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Apr 25, 2024 22:06:58.690126896 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:58.690145969 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:58.690373898 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:58.695518970 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:58.695529938 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:58.914424896 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:58.914657116 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:58.924315929 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:58.924326897 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:58.924551010 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:58.926467896 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:58.968234062 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:59.149656057 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:59.149732113 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:59.149895906 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:59.150198936 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:59.150211096 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Apr 25, 2024 22:06:59.150285959 CEST | 50383 | 443 | 192.168.11.20 | 45.33.71.201
                  Apr 25, 2024 22:06:59.150296926 CEST | 443 | 50383 | 45.33.71.201 | 192.168.11.20
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Apr 25, 2024 22:06:58.562330008 CEST | 61551 | 53 | 192.168.11.20 | 1.1.1.1
                  Apr 25, 2024 22:06:58.687541962 CEST | 53 | 61551 | 1.1.1.1 | 192.168.11.20
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Apr 25, 2024 22:06:58.562330008 CEST | 192.168.11.20 | 1.1.1.1 | 0xb36b | Standard query (0) | wyday.com | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Apr 25, 2024 22:06:58.687541962 CEST | 1.1.1.1 | 192.168.11.20 | 0xb36b | No error (0) | wyday.com | | 45.33.71.201 | A (IP address) | IN (0x0001) | false
                  • wyday.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.11.20 | 50383 | 45.33.71.201 | 443 | 9152 | C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-04-25 20:06:58 UTC | 266 | OUT | POST /limelm/api/rest/ HTTP/1.1
                  Host: wyday.com
                  Authorization: Basic Og==
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                  Accept: */*
                  Accept-Encoding: br
                  Content-Length: 782
                  Content-Type: application/x-www-form-urlencoded
                  2024-04-25 20:06:58 UTC | 782 | OUT
                  Data Ascii: method=limelm.internal.useTrial&trackblock=CUiWePFsYYD8ifeg%2Fz%2FQNQZ1gfZ3IkqHOzF7puEQ3sQhXh1vK6VF1B435cgUwgk2Mh3La6fEuRt9dMTg%2BZMrr%2BV13paJrNkbYUG%2BZC1QONi%2FvKU1jDDmp9G%2FBF%2BYYojn3d0J3yfgrHDJ3Jc1y0S6ZvSaYoMSZSVJQoP3hOKslv9Gd3yu6DA4sRhFKJEirkTYEgj6
                  2024-04-25 20:06:59 UTC | 661 | IN | HTTP/1.1 200 OK
                  Server: freenginx
                  Date: Thu, 25 Apr 2024 20:06:59 GMT
                  Content-Type: text/xml;charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Vary: Accept-Encoding
                  Alt-Svc: h3=":443"; ma=86400
                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                  X-Frame-Options: DENY
                  X-Content-Type-Options: nosniff
                  X-XSS-Protection: 1; mode=block
                  Content-Security-Policy: default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self'; frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/; img-src 'self' data: https://secure.gravatar.com/avatar/;
                  2024-04-25 20:06:59 UTC | 482 | IN
                  Data Ascii: 1d6<?xml version="1.0" encoding="utf-8"?><rsp stat="ok"><veritrial data="m18IO/HSsNlH4Zs5+4pFsp6+FLJZMnx1M9asefk1dgoxEcE/wxdhgvYwDznU03xXVQ1CLRqDGbXfOT59i9xjPqU8QohqyI/D5qW9y2MfRgZsMfXO/JzZh+L1WRI/IeAMZr8UkRKF2+xBfyql5fC+06++I3H0rrbeRh0HVQRWymGEzFH9nRX


                  Target ID:5
                  Start time:22:06:20
                  Start date:25/04/2024
                  Path:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe"
                  Imagebase:0xdb0000
                  File size:24'704'432 bytes
                  MD5 hash:C62866600614868DA4941C5346FF120A
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Target ID:6
                  Start time:22:06:21
                  Start date:25/04/2024
                  Path:C:\Windows\System32\msiexec.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\msiexec.exe /V
                  Imagebase:0x7ff67e740000
                  File size:69'632 bytes
                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  Target ID:7
                  Start time:22:06:22
                  Start date:25/04/2024
                  Path:C:\Windows\SysWOW64\msiexec.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 814FD75CA49A0CAF6F4632D049971993 C
                  Imagebase:0xc30000
                  File size:59'904 bytes
                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:9
                  Start time:22:06:39
                  Start date:25/04/2024
                  Path:C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" /i "C:\Users\user\AppData\Roaming\ReefMaster Software\ReefMaster Sonar Viewer 1.1.42.0\install\ReefMasterSonarViewer1.1.42.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReefMaster Sonar Viewer" APPDIR="C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer" SECONDSEQUENCE="1" CLIENTPROCESSID="3408" CHAINERUIPROCESSID="3408Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_FOUND_PREREQS=".NET Framework 4.5" AI_DETECTED_DOTNET_VERSION="4.8" AI_SETUPEXEPATH="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1714054620 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\ReefMasterSonarViewer1.1.42.exe" TARGETDIR="C:\" AI_INSTALL="1"
                  Imagebase:0xdb0000
                  File size:24'704'432 bytes
                  MD5 hash:C62866600614868DA4941C5346FF120A
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Target ID:12
                  Start time:22:06:41
                  Start date:25/04/2024
                  Path:C:\Windows\SysWOW64\msiexec.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 775B6AE01A687B1CA3B58C881C9C64E9
                  Imagebase:0xc30000
                  File size:59'904 bytes
                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:14
                  Start time:22:06:53
                  Start date:25/04/2024
                  Path:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\ReefMasterSonarViewer.exe"
                  Imagebase:0x2a4440b0000
                  File size:1'775'328 bytes
                  MD5 hash:F9102FCEA8DC399EB9AE26DDA815D0C9
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 0%, ReversingLabs
                  Reputation:low
                  Has exited:false

                  Target ID:15
                  Start time:22:06:54
                  Start date:25/04/2024
                  Path:C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files (x86)\ReefMaster Software\ReefMaster Sonar Viewer\sonarviewer_updater.exe" /justcheck
                  Imagebase:0xd90000
                  File size:1'274'080 bytes
                  MD5 hash:B797EC561F9F0576F7E55415B67CA62D
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 0%, ReversingLabs
                  Reputation:low
                  Has exited:true

                    Execution Graph

                    Execution Coverage:10.5%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:16.7%
                    Total number of Nodes:2000
                    Total number of Limit Nodes:110
51755 e68c60 51742->51755 51745->51711 51747 e689f4 51746->51747 51748 e689bd 51746->51748 51747->51732 51748->51747 51749 ee29df 11 API calls 51748->51749 51750 e68a2b 51749->51750 51753 e68d3f 51751->51753 51754 e6351c 51751->51754 51752 ee575a 5 API calls 51752->51754 51753->51752 51754->51741 51754->51742 51757 e63551 51755->51757 51758 e68c90 51755->51758 51756 ee575a 5 API calls 51756->51757 51757->49664 51758->51756 51760 ea2bbd 51759->51760 51784 ea2d27 51759->51784 51762 ea2bdf EnterCriticalSection 51760->51762 51763 ea2bd4 InitializeCriticalSection 51760->51763 51761 ea2d56 CloseHandle 51765 ea2d64 51761->51765 51764 db81f0 15 API calls 51762->51764 51763->51762 51766 ea2c25 51764->51766 51765->49681 51784->51761 51784->51765 51835 ddd0d0 51838 ddd11c 51835->51838 51836 ddd442 51837 ee6f92 11 API calls 51836->51837 51839 ddd473 51837->51839 51838->51836 51840 ddd167 51838->51840 51841 ddd172 51838->51841 51842 db7200 15 API calls 51840->51842 51897 db73f0 15 API calls 51841->51897 51844 ddd16c 51842->51844 51845 db8250 16 API calls 51844->51845 51846 ddd1d9 51845->51846 51847 db8250 16 API calls 51846->51847 51848 ddd215 51847->51848 51849 db8250 16 API calls 51848->51849 51850 ddd251 51849->51850 51887 e967d0 27 API calls 51850->51887 51852 ddd273 51888 e94de0 51852->51888 51854 ddd282 51855 db8520 11 API calls 51854->51855 51856 ddd294 51855->51856 51857 db8520 11 API calls 51856->51857 51858 ddd2a0 51857->51858 51859 db8520 11 API calls 51858->51859 51860 ddd2ac 51859->51860 51861 db8520 11 API calls 51860->51861 51862 ddd2b8 51861->51862 51863 ddd40e 51862->51863 51866 db8250 16 API calls 51862->51866 51864 ddd42d 51863->51864 51865 ddd420 51863->51865 51899 db73f0 15 API calls 51864->51899 51867 db7200 15 API calls 51865->51867 51869 ddd306 51866->51869 51870 ddd427 51867->51870 51871 db8250 16 API calls 51869->51871 51873 db8520 11 API calls 51870->51873 51872 ddd342 51871->51872 51874 db8250 16 API calls 51872->51874 51873->51836 51875 ddd37e 
51874->51875 51898 e967d0 27 API calls 51875->51898 51877 ddd3a0 51878 ddd3b7 51877->51878 51879 db8520 11 API calls 51877->51879 51880 db8520 11 API calls 51878->51880 51879->51878 51881 ddd3ea 51880->51881 51882 db8520 11 API calls 51881->51882 51883 ddd3f6 51882->51883 51884 db8520 11 API calls 51883->51884 51885 ddd402 51884->51885 51886 db8520 11 API calls 51885->51886 51886->51863 51887->51852 51889 e94e20 51888->51889 51891 e94e57 51888->51891 51889->51854 51890 e94f8e 51901 e46fe0 11 API calls 51890->51901 51892 e94f29 51891->51892 51895 e94e6f 51891->51895 51900 e47080 88 API calls 51891->51900 51892->51890 51894 db8250 16 API calls 51892->51894 51894->51890 51895->51854 51897->51844 51898->51877 51899->51870 51900->51892 51901->51895 51902 dec090 51903 dec0be 51902->51903 51904 dec0b0 51902->51904 51904->51903 51905 dec11a 51904->51905 51906 dec17a 51904->51906 51907 dec0d2 GetCursorPos 51904->51907 51910 dec12e 51904->51910 51919 df1080 18 API calls 51905->51919 51911 dec19d 51906->51911 51912 dec188 PostMessageW 51906->51912 51909 dec169 51907->51909 51913 dec0f4 SetCursorPos SetCursorPos 51907->51913 51910->51909 51915 dec143 IsWindow 51910->51915 51912->51911 51914 dec126 51915->51909 51916 dec153 51915->51916 51920 df6b50 14 API calls 51916->51920 51918 dec15f 51919->51914 51920->51918 51921 de83d0 ShowWindow 51922 de2550 51923 de258e 51922->51923 51924 df9480 16 API calls 51923->51924 51925 de25aa 51924->51925 51926 db8250 16 API calls 51925->51926 51927 de25ef 51926->51927 51928 db8520 11 API calls 51927->51928 51929 de2612 51928->51929 51930 db8520 11 API calls 51929->51930 51931 de261e 51930->51931 51932 db8520 11 API calls 51931->51932 51933 de266c 51932->51933 51934 db8520 11 API calls 51933->51934 51935 de2678 51934->51935 51936 db8520 11 API calls 51935->51936 51937 de2684 51936->51937 51938 db8520 11 API calls 51937->51938 51939 de2693 51938->51939 51940 df8710 51941 df874d 51940->51941 51949 df88a9 51940->51949 51942 df87f9 51941->51942 
51943 df8753 51941->51943 51944 df8860 GetExitCodeThread 51942->51944 51953 df87df 51942->51953 51945 df875a 51943->51945 51946 df87d1 51943->51946 51947 df887a 51944->51947 51944->51953 51948 df8761 51945->51948 51954 df877e 51945->51954 51946->51953 51957 df8d60 51946->51957 51947->51953 51955 df888f WaitForSingleObject 51947->51955 51950 df876a SetEvent 51948->51950 51948->51953 51952 db8250 16 API calls 51949->51952 51949->51953 51950->51953 51952->51954 51954->51953 51956 db8520 11 API calls 51954->51956 51955->51953 51956->51953 51982 df8aa0 51957->51982 51959 df8d95 51960 db8250 16 API calls 51959->51960 51961 df8dcd 51960->51961 51962 db8520 11 API calls 51961->51962 51963 df8dee CreateEventW 51962->51963 51964 df8e13 51963->51964 51965 db8520 11 API calls 51964->51965 51966 df8e31 51965->51966 51967 db8520 11 API calls 51966->51967 51968 df8eb5 51967->51968 51969 db8520 11 API calls 51968->51969 51970 df8ec4 51969->51970 51971 df8f5d 51970->51971 51972 df8ecc 51970->51972 51973 edde86 2 API calls 51971->51973 51975 db8520 11 API calls 51972->51975 51974 df8f64 CreateThread 51973->51974 51976 df8fa0 51974->51976 51978 df8f4c 51975->51978 51977 df8fbc WaitForSingleObject 51976->51977 51980 df8fdf 51977->51980 51979 db8520 11 API calls 51978->51979 51981 df8f5b 51979->51981 51980->51953 51981->51977 52003 e9d200 51982->52003 51984 df8ae8 51985 db8250 16 API calls 51984->51985 51986 df8b46 51985->51986 51987 db8520 11 API calls 51986->51987 51988 df8b77 51987->51988 51989 db8250 16 API calls 51988->51989 51990 df8bec 51988->51990 51992 df8bbd 51989->51992 51991 db8250 16 API calls 51990->51991 51993 df8c5e 51991->51993 51994 db8520 11 API calls 51992->51994 51995 db8520 11 API calls 51993->51995 51994->51990 51996 df8c8f 51995->51996 51997 db8250 16 API calls 51996->51997 51998 df8cea 51997->51998 51999 db8520 11 API calls 51998->51999 52000 df8d1b 51999->52000 52008 df9d20 52000->52008 52002 df8d39 52002->51959 52004 e9d20b 52003->52004 52007 e9d225 
52003->52007 52004->52007 52032 e9d3f0 11 API calls 52004->52032 52006 e9d222 52006->51984 52007->51984 52009 db9fe0 52008->52009 52010 df9d64 GetCurrentProcessId 52009->52010 52033 e40e40 52010->52033 52012 df9d7f 52013 dfa170 15 API calls 52012->52013 52014 df9da7 52013->52014 52015 db8520 11 API calls 52014->52015 52016 df9db3 52015->52016 52017 db8520 11 API calls 52016->52017 52019 df9dd3 52017->52019 52018 df9deb PathFileExistsW 52020 db8520 11 API calls 52018->52020 52019->52018 52022 df9e00 52020->52022 52021 df9e50 52023 db7200 15 API calls 52021->52023 52025 df9e6e 52021->52025 52022->52021 52024 df9e1f CreateDirectoryW 52022->52024 52023->52025 52027 db8520 11 API calls 52024->52027 52026 db8520 11 API calls 52025->52026 52031 df9e4c 52026->52031 52028 df9e39 52027->52028 52028->52021 52029 df9e3d 52028->52029 52030 db8520 11 API calls 52029->52030 52030->52031 52031->52002 52032->52006 52034 e40e94 52033->52034 52035 db8250 16 API calls 52034->52035 52036 e40ed1 52035->52036 52036->52012 52037 de43ce 52039 de43e4 52037->52039 52038 de449b 52040 db8520 11 API calls 52038->52040 52039->52038 52043 dc9310 52039->52043 52041 de44bd 52040->52041 52044 dc934a 52043->52044 52046 dc935b 52043->52046 52045 db99b0 2 API calls 52044->52045 52044->52046 52047 dc93f0 52045->52047 52046->52038 52047->52038 52048 e16fb0 52049 e16ffc 52048->52049 52050 e170d4 52049->52050 52051 e1703b 52049->52051 52052 db99b0 2 API calls 52050->52052 52055 db9230 5 API calls 52051->52055 52057 e17065 52051->52057 52053 e170de 52052->52053 52054 de7cd0 16 API calls 52053->52054 52056 e1711d 52054->52056 52055->52057 52058 e1712a SendMessageW 52056->52058 52063 e1715e 52056->52063 52077 e29b70 CreateWindowExW SendMessageW SendMessageW 52057->52077 52061 e17151 SetWindowTextW 52058->52061 52062 e1714f 52058->52062 52061->52063 52062->52061 52065 e1718b GetDesktopWindow GetDC GetDeviceCaps 52063->52065 52066 e17219 52063->52066 52064 e17096 52067 e171a8 52065->52067 52068 db8520 11 API 
calls 52066->52068 52069 e172fa 52066->52069 52080 e29c00 GetWindowLongW 52067->52080 52070 e172eb 52068->52070 52072 db8520 11 API calls 52070->52072 52072->52069 52073 e171fb 52074 db8520 11 API calls 52073->52074 52075 e1720a 52074->52075 52076 db8520 11 API calls 52075->52076 52076->52066 52078 dc0440 8 API calls 52077->52078 52079 e29be9 52078->52079 52079->52064 52081 e29c54 DeleteObject 52080->52081 52082 e29c5b 52080->52082 52081->52082 52083 e29c76 52082->52083 52084 e29c6f DestroyCursor 52082->52084 52085 e29c8f SetWindowLongW 52083->52085 52088 e29df6 52083->52088 52084->52083 52086 e32000 8 API calls 52085->52086 52089 e29ccc 52086->52089 52087 e29e60 52087->52073 52088->52087 52091 e14160 4 API calls 52088->52091 52090 dc6020 7 API calls 52089->52090 52093 e29ce7 52090->52093 52092 e29e2c SetWindowLongW SendMessageW 52091->52092 52092->52087 52094 e29d7d 52093->52094 52095 e29d3d 52093->52095 52098 e29d83 DeleteObject 52094->52098 52099 e29d4e SendMessageW 52094->52099 52096 e29d45 52095->52096 52097 e29d59 52095->52097 52104 e32920 52096->52104 52108 e329d0 8 API calls 52097->52108 52098->52099 52103 e29dd3 52099->52103 52103->52087 52107 e32934 52104->52107 52106 e329c0 52106->52099 52109 e32820 52107->52109 52108->52099 52110 e32855 52109->52110 52111 e3286b 52109->52111 52110->52106 52112 e32882 GetDC CreateCompatibleBitmap GetDC CreateCompatibleDC SelectObject 52111->52112 52113 e32871 DeleteObject 52111->52113 52115 e328e2 52112->52115 52113->52112 52114 e3287c 52113->52114 52114->52112 52116 e328ef DeleteDC 52115->52116 52117 e328fd 52115->52117 52116->52117 52117->52106 52120 eee83d GetLastError 52121 eee854 52120->52121 52124 eee85a 52120->52124 52132 ef0bae TlsGetValue 52121->52132 52125 eee890 52124->52125 52126 eee8c8 52124->52126 52130 eee860 SetLastError 52124->52130 52127 eee938 3 API calls 52125->52127 52133 eee514 GetLastError SetLastError RtlFreeHeap GetLastError TlsGetValue 52126->52133 52127->52130 52129 eee8d3 52131 eee938 3 API 
calls 52129->52131 52131->52130 52132->52124 52133->52129 52134 e4d130 52135 e4d167 52134->52135 52136 e4d1ce 52134->52136 52138 e4d1b1 SysAllocStringLen 52135->52138 52139 e4d169 SysFreeString 52135->52139 52137 db99b0 2 API calls 52136->52137 52141 e4d1d8 52137->52141 52138->52139 52140 e4d1c4 52138->52140 52146 e4d1ad 52139->52146 52142 db99b0 2 API calls 52140->52142 52143 e4d225 52141->52143 52144 e4d217 LocalFree 52141->52144 52142->52136 52144->52143 52147 eed47b 52148 eed49b 52147->52148 52149 eed489 52147->52149 52157 eed322 52148->52157 52168 edee7f GetModuleHandleW 52149->52168 52152 eed4ce 52153 eed4d4 52152->52153 52161 eed4df 52152->52161 52155 eed48e 52155->52148 52158 eed32e 52157->52158 52169 eed38e 52158->52169 52160 eed345 52160->52152 52184 ef825a GetPEB 52161->52184 52163 eed4e9 52164 eed50e 52163->52164 52165 eed4ee GetPEB 52163->52165 52167 eed516 ExitProcess 52164->52167 52165->52164 52166 eed4fe GetCurrentProcess TerminateProcess 52165->52166 52166->52164 52168->52155 52170 eed39a 52169->52170 52172 eed3fb 52170->52172 52173 eedeb2 52170->52173 52172->52160 52176 eedbe3 52173->52176 52175 eededd 52175->52172 52177 eedbef 52176->52177 52180 eeddc2 52177->52180 52179 eedc0a 52179->52175 52181 eeddd9 52180->52181 52182 eedde1 52180->52182 52181->52179 52182->52181 52183 eee938 5 API calls 52182->52183 52183->52181 52185 ef8274 52184->52185 52185->52163 52186 e97eb0 52189 e97ed0 52186->52189 52188 e97ec0 52206 e98560 52189->52206 52191 e97f18 WaitForSingleObject 52192 e97f34 ResetEvent 52191->52192 52205 e97f2d 52191->52205 52193 edde86 2 API calls 52192->52193 52194 e97f42 52193->52194 52195 db7200 15 API calls 52194->52195 52196 e97f63 52195->52196 52197 db7200 15 API calls 52196->52197 52198 e97f72 52197->52198 52199 db8520 11 API calls 52198->52199 52200 e98004 52199->52200 52201 db8520 11 API calls 52200->52201 52202 e98010 52201->52202 52203 edde86 2 API calls 52202->52203 52204 e9802f CreateThread 52203->52204 52204->52205 52220 de08e0 
SetUnhandledExceptionFilter 52204->52220 52205->52188 52207 db8250 16 API calls 52206->52207 52208 e985c4 52207->52208 52209 db8c10 15 API calls 52208->52209 52210 e985e0 52209->52210 52211 db8c10 15 API calls 52210->52211 52212 e985ef 52211->52212 52213 e985fa OpenEventW 52212->52213 52214 e9861a CreateEventW 52213->52214 52215 e98633 52213->52215 52214->52215 52216 db8520 11 API calls 52215->52216 52217 e9863f 52216->52217 52218 db8520 11 API calls 52217->52218 52219 e9864e 52218->52219 52219->52191 52221 db9bc0 52222 db9c04 52221->52222 52223 db9bcc 52221->52223 52223->52222 52224 db99b0 2 API calls 52223->52224 52224->52222 52225 dc1e41 52226 dc1ec7 52225->52226 52227 dc1eec GetWindowLongW CallWindowProcW 52226->52227 52228 dc1ed6 CallWindowProcW 52226->52228 52231 dc1f3b 52226->52231 52229 dc1f20 GetWindowLongW 52227->52229 52227->52231 52228->52231 52230 dc1f2d SetWindowLongW 52229->52230 52229->52231 52230->52231 52232 dee7c0 52233 dee81b 52232->52233 52234 dee823 IsWindow 52233->52234 52236 deeb0d 52233->52236 52235 dee834 DestroyWindow PostQuitMessage 52234->52235 52234->52236 52235->52236 52237 df68c0 52238 df6937 52237->52238 52239 df696e 52238->52239 52240 df6988 SetWindowLongW 52238->52240 52240->52239 52241 df3e80 52242 df3f16 52241->52242 52243 df3ec3 ShowWindow 52241->52243 52244 df3f8b 52242->52244 52245 df3f1b GetWindowLongW SetWindowLongW NtdllDefWindowProc_W SetWindowLongW 52242->52245 52246 df3d60 33 API calls 52243->52246 52247 df4002 52244->52247 52248 df3f92 GetWindowLongW SetWindowLongW NtdllDefWindowProc_W SetWindowLongW 52244->52248 52259 df4007 52245->52259 52253 df3ee1 52246->52253 52249 df411d 52247->52249 52250 df4055 52247->52250 52247->52259 52248->52259 52251 df416a GetWindowRect 52249->52251 52252 df41d0 52249->52252 52249->52259 52254 df406d GetWindowDC 52250->52254 52250->52259 52301 de48b0 52251->52301 52257 df4225 52252->52257 52258 df4250 52252->52258 52252->52259 52256 df3efc ShowWindow 52253->52256 52293 de4c50 52254->52293 
52256->52259 52330 df4c50 52257->52330 52262 df42ec 52258->52262 52263 df425b 52258->52263 52261 df40a4 GetWindowLongW SetWindowLongW NtdllDefWindowProc_W SetWindowLongW 52261->52259 52264 df40fd DeleteDC 52261->52264 52267 df439f 52262->52267 52268 df42f7 52262->52268 52265 df426a GetWindowDC 52263->52265 52266 df4287 52263->52266 52264->52259 52269 df42a7 52265->52269 52266->52259 52270 df428c GetWindowDC 52266->52270 52267->52259 52271 df451a 52267->52271 52280 df43cc 52267->52280 52272 df430b GetWindowDC 52268->52272 52273 df4335 52268->52273 52269->52259 52275 df42bb DeleteDC 52269->52275 52270->52269 52271->52259 52281 df4543 GetWindowDC 52271->52281 52276 df432c SendMessageW 52272->52276 52273->52259 52274 df433e GetWindowDC 52273->52274 52274->52276 52275->52259 52278 df438f 52276->52278 52279 df4381 DeleteDC 52276->52279 52278->52259 52279->52278 52280->52259 52282 df43f8 GetSystemMetrics GetAsyncKeyState 52280->52282 52283 df456d 52281->52283 52284 df4438 GetWindowDC 52282->52284 52283->52259 52286 df4586 DeleteDC 52283->52286 52287 df447a 52284->52287 52286->52259 52288 df4498 TrackMouseEvent 52287->52288 52289 df44bf 52287->52289 52288->52289 52289->52259 52290 df44ca DeleteDC 52289->52290 52290->52259 52299 de4c94 52293->52299 52294 de4d71 IsRectEmpty 52296 de4d7f CreateRectRgn SelectClipRgn 52294->52296 52297 de4dd3 52294->52297 52295 de4ddb 52295->52261 52296->52297 52300 de4dc2 DeleteObject 52296->52300 52344 de5ce0 GetClientRect 52297->52344 52299->52294 52299->52295 52300->52297 52302 de48ea 52301->52302 52303 de4978 52301->52303 52305 de48f6 GetWindowLongW 52302->52305 52304 de4a15 52303->52304 52307 de4993 GetWindowLongW 52303->52307 52306 de4b5b 52304->52306 52312 de4a30 GetWindowLongW 52304->52312 52308 de494c PtInRect 52305->52308 52309 de490a GetWindowRect OffsetRect 52305->52309 52313 de4b69 GetWindowLongW 52306->52313 52310 de49e9 PtInRect 52307->52310 52311 de49a7 GetWindowRect OffsetRect 52307->52311 52308->52303 52321 de4960 
52308->52321 52309->52308 52310->52304 52318 de49fd 52310->52318 52311->52310 52314 de4a86 PtInRect 52312->52314 52315 de4a44 GetWindowRect OffsetRect 52312->52315 52316 de4bbf PtInRect 52313->52316 52317 de4b7d GetWindowRect OffsetRect 52313->52317 52319 de4a9a 52314->52319 52320 de4ab2 SendMessageW 52314->52320 52315->52314 52322 de4bd3 52316->52322 52326 de4c02 52316->52326 52317->52316 52318->52259 52319->52259 52320->52306 52323 de4acb 52320->52323 52321->52259 52324 de4be6 PtInRect 52322->52324 52322->52326 52325 de4ad9 GetWindowLongW 52323->52325 52324->52326 52327 de4b2f PtInRect 52325->52327 52328 de4aed GetWindowRect OffsetRect 52325->52328 52326->52259 52327->52306 52329 de4b43 52327->52329 52328->52327 52329->52259 52331 df4c8a GetWindowDC GetWindowRect 52330->52331 52333 df4cdd 52331->52333 52334 df4d26 52331->52334 52333->52334 52335 df4ce2 GetRgnBox IntersectRect 52333->52335 52336 df4d38 CreateRectRgn SelectClipRgn 52334->52336 52337 df4d0e OffsetRect 52335->52337 52338 df4d93 52335->52338 52343 de4c50 39 API calls 52336->52343 52337->52336 52340 df4d9e DeleteDC 52338->52340 52341 df4dac 52338->52341 52339 df4d7a 52339->52338 52342 df4d82 DeleteObject 52339->52342 52340->52341 52341->52259 52342->52338 52343->52339 52345 de5d2f OffsetRect ExcludeClipRect GetWindowRect OffsetRect 52344->52345 52347 de5da0 52345->52347 52368 de5fb0 GetWindowRect 52347->52368 52349 de5db9 52350 de5ddc 52349->52350 52351 de6720 11 API calls 52349->52351 52353 de5f5d 52349->52353 52352 de5dff 52350->52352 52350->52353 52354 de6720 11 API calls 52350->52354 52351->52350 52352->52353 52370 de6720 52352->52370 52353->52295 52354->52352 52356 de5e19 52356->52353 52357 de5e30 SendMessageW 52356->52357 52358 de5ea9 52357->52358 52359 de5e52 GetSystemMetrics GetSystemMetrics DrawIconEx 52357->52359 52360 de5f9a 52358->52360 52361 de5ec6 52358->52361 52359->52358 52362 db99b0 2 API calls 52360->52362 52375 dc9a20 GetWindowTextLengthW 52361->52375 52363 de5fa4 52362->52363 52365 
de5ee1 52384 de6830 GetWindowRect 52365->52384 52367 de5ef3 6 API calls 52367->52353 52369 de6009 52368->52369 52369->52349 52389 de6370 52370->52389 52372 de6768 52373 de676e GetWindowRect 52372->52373 52374 de6797 52372->52374 52373->52374 52374->52356 52376 dc9a34 52375->52376 52382 dc9a68 52375->52382 52378 dc9a55 GetWindowTextW 52376->52378 52377 db99b0 2 API calls 52379 dc9aa4 52377->52379 52378->52382 52380 dc9ad8 DeleteDC 52379->52380 52381 dc9ae5 52379->52381 52380->52381 52381->52365 52382->52377 52383 dc9a87 52382->52383 52383->52365 52385 de59d0 52384->52385 52386 de6888 SendMessageW 52385->52386 52387 de68a8 GetSystemMetrics GetSystemMetrics 52386->52387 52388 de68c3 52386->52388 52387->52388 52388->52367 52390 de63a8 52389->52390 52393 de64fe 52389->52393 52391 de63b0 52390->52391 52390->52393 52392 edde86 2 API calls 52391->52392 52397 de6479 52391->52397 52394 de63c3 52392->52394 52395 edde86 2 API calls 52393->52395 52393->52397 52396 e32000 8 API calls 52394->52396 52398 de65b4 52395->52398 52400 de6408 52396->52400 52397->52372 52399 e32000 8 API calls 52398->52399 52399->52400 52400->52372 52401 df7580 52402 df7725 PostMessageW 52401->52402 52403 df75bd 52401->52403 52404 df75cb 52402->52404 52405 df7693 SendMessageW 52403->52405 52406 df7691 52403->52406 52407 df75c6 52403->52407 52408 df7719 52405->52408 52406->52405 52407->52404 52409 db8520 11 API calls 52407->52409 52408->52407 52410 df7656 52409->52410 52411 db8520 11 API calls 52410->52411 52411->52404 52412 dfe900 52413 dfe915 52412->52413 52414 dfe920 52412->52414 52415 dfe94b 52414->52415 52416 dfeb84 52414->52416 52419 dfeaa8 52414->52419 52421 dfeb2d 52414->52421 52422 dfea63 52414->52422 52423 dfea01 52414->52423 52435 dfea2e 52414->52435 52438 dfebf0 52415->52438 52417 dfebf0 26 API calls 52416->52417 52417->52435 52428 dfebf0 26 API calls 52419->52428 52420 dfe959 52426 dfe9a5 52420->52426 52427 dfe982 52420->52427 52430 dfebf0 26 API calls 52421->52430 52421->52435 52424 dfebf0 
26 API calls 52422->52424 52422->52435 52425 dfebf0 26 API calls 52423->52425 52423->52435 52424->52435 52425->52435 52431 dfebf0 26 API calls 52426->52431 52432 dfebf0 26 API calls 52427->52432 52429 dfeaeb 52428->52429 52434 dfebf0 26 API calls 52429->52434 52430->52435 52433 dfe98b 52431->52433 52432->52433 52436 dfebf0 26 API calls 52433->52436 52437 dfe9d3 52434->52437 52436->52437 52439 dfec24 52438->52439 52443 dfec41 52438->52443 52440 edde86 2 API calls 52439->52440 52441 dfec2b 52440->52441 52442 e8d410 24 API calls 52441->52442 52442->52443 52443->52420 52444 e1de00 52445 e1de4c 52444->52445 52446 e1df44 52445->52446 52447 e1dead 52445->52447 52448 db99b0 2 API calls 52446->52448 52451 db9230 5 API calls 52447->52451 52453 e1ded7 52447->52453 52449 e1df4e 52448->52449 52463 e2c930 52449->52463 52451->52453 52452 e1df89 SendMessageW 52454 e1dfaf 52452->52454 52456 e2c8a0 11 API calls 52453->52456 52455 e1dfb3 SetWindowPos RedrawWindow 52454->52455 52457 e1dfda 52454->52457 52455->52457 52459 e1df06 52456->52459 52458 e1e089 SendMessageW SendMessageW 52457->52458 52460 e1e0dc 52458->52460 52492 dbbce0 52460->52492 52462 e1e0f9 52464 de7cd0 16 API calls 52463->52464 52465 e2c97e 52464->52465 52496 dccb00 52465->52496 52467 e2c994 52468 db8250 16 API calls 52467->52468 52469 e2c9dd 52468->52469 52470 e2ca0d 52469->52470 52471 db8520 11 API calls 52469->52471 52472 db8520 11 API calls 52470->52472 52471->52470 52473 e2ca43 52472->52473 52474 db8520 11 API calls 52473->52474 52475 e2ca52 52474->52475 52476 db8250 16 API calls 52475->52476 52477 e2ca9b 52476->52477 52478 e2cacb 52477->52478 52479 db8520 11 API calls 52477->52479 52480 db8520 11 API calls 52478->52480 52479->52478 52481 e2cb01 52480->52481 52482 db8520 11 API calls 52481->52482 52483 e2cb10 52482->52483 52484 e2cd46 52483->52484 52485 e2cb32 52483->52485 52486 e2cb46 SetWindowPos RedrawWindow 52483->52486 52484->52452 52485->52486 52487 e2cb90 SendMessageW 52486->52487 52488 db9860 52487->52488 
52489 e2cbd9 GetDC GetDeviceCaps MulDiv CreateFontW 52488->52489 52490 e2cc50 52489->52490 52490->52484 52491 db8250 16 API calls 52490->52491 52491->52484 52493 dbbd0d 52492->52493 52494 dbbd28 52492->52494 52493->52492 52493->52494 52495 ee29df 11 API calls 52493->52495 52494->52462 52495->52493 52497 db8250 16 API calls 52496->52497 52498 dccb88 52497->52498 52499 db8520 11 API calls 52498->52499 52500 dccbae 52499->52500 52501 db8250 16 API calls 52500->52501 52502 dccbf0 52501->52502 52503 db8520 11 API calls 52502->52503 52504 dccc1d 52503->52504 52505 db8520 11 API calls 52504->52505 52506 dccc29 52505->52506 52507 db8250 16 API calls 52506->52507 52508 dccc6b 52507->52508 52509 db8520 11 API calls 52508->52509 52510 dccc92 52509->52510 52511 db8520 11 API calls 52510->52511 52515 dccc9e 52511->52515 52512 dcce06 52513 db8250 16 API calls 52512->52513 52514 dcce48 52513->52514 52520 db8520 11 API calls 52514->52520 52515->52512 52516 dccced 52515->52516 52517 dcccfe 52515->52517 52518 db7290 11 API calls 52516->52518 52519 ee6f92 11 API calls 52517->52519 52521 dcccf9 52518->52521 52522 dccd0c 52519->52522 52529 dcce68 52520->52529 52523 db8520 11 API calls 52521->52523 52526 ee6f92 11 API calls 52522->52526 52527 dccf8d 52523->52527 52524 dccf6f 52525 db8520 11 API calls 52524->52525 52525->52521 52528 dccd48 52526->52528 52527->52467 52533 ee6f92 11 API calls 52528->52533 52536 dccd76 52528->52536 52529->52524 52530 dccf3e 52529->52530 52532 ee6f92 11 API calls 52529->52532 52531 db7290 11 API calls 52530->52531 52531->52524 52535 dccec3 52532->52535 52533->52536 52534 dccdb8 52539 db7290 11 API calls 52534->52539 52538 dccf05 52535->52538 52540 ee6f92 11 API calls 52535->52540 52536->52534 52537 ee6f92 11 API calls 52536->52537 52537->52534 52541 ee6f92 11 API calls 52538->52541 52539->52512 52540->52538 52541->52530 52542 e12380 52559 de82e0 52542->52559 52544 e123b3 SysAllocString 52546 e123d4 52544->52546 52547 e123d8 SendMessageW VariantClear 
52544->52547 52546->52547 52548 e12422 52546->52548 52565 ea13b0 16 API calls 52548->52565 52551 e12469 SysAllocString 52553 e12492 52551->52553 52554 e12496 SendMessageW VariantClear 52551->52554 52553->52554 52555 e124f7 52553->52555 52557 db8520 11 API calls 52554->52557 52558 e124da 52557->52558 52560 de8318 52559->52560 52561 db8520 11 API calls 52560->52561 52562 de8360 52561->52562 52563 de8364 52562->52563 52566 e25e20 52562->52566 52563->52544 52565->52551 52567 e25e28 52566->52567 52568 e25e40 InvalidateRect 52567->52568 52569 e25e38 SetWindowTextW 52567->52569 52568->52563 52569->52568 52570 e2c500 52571 e2c51c SendMessageW 52570->52571 52572 e47180 52573 e47189 52572->52573 52574 e471a9 52572->52574 52573->52574 52575 ee29df 11 API calls 52573->52575 52576 e471d8 52575->52576 52585 e47250 52576->52585 52578 e47215 52594 e47730 52578->52594 52580 e47221 52581 e47730 11 API calls 52580->52581 52582 e4722d 52581->52582 52583 e47730 11 API calls 52582->52583 52584 e4723b 52583->52584 52601 e474f0 52585->52601 52587 e472bd RemoveDirectoryW 52589 db8520 11 API calls 52587->52589 52588 e47285 52588->52587 52592 e472d3 52588->52592 52589->52588 52590 e4735c 52590->52578 52591 dc6020 7 API calls 52591->52592 52592->52590 52592->52591 52593 db8520 11 API calls 52592->52593 52593->52592 52595 e477bd 52594->52595 52599 e4775e 52594->52599 52595->52580 52596 e47788 52596->52595 52598 ee29df 11 API calls 52596->52598 52597 db8520 11 API calls 52597->52599 52600 e477f4 52598->52600 52599->52596 52599->52597 52602 e4766e 52601->52602 52605 e47533 52601->52605 52602->52588 52603 e4755f DeleteFileW 52603->52605 52605->52602 52605->52603 52606 db8520 11 API calls 52605->52606 52610 e47580 52605->52610 52612 e47390 RtlAllocateHeap RaiseException 52605->52612 52606->52605 52609 e475e7 DeleteFileW 52609->52610 52610->52605 52611 e4762a FindNextFileW 52610->52611 52613 e4ee20 78 API calls 52610->52613 52614 e4f310 69 API calls 52610->52614 52611->52610 52612->52605 

                    Control-flow Graph

                    APIs
                    • ShowWindow.USER32(?,00000005,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF3F00
                    • GetWindowLongW.USER32(?,000000F0), ref: 00DF3FA9
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DF3FC7
                    • NtdllDefWindowProc_W.NTDLL(?,00000080,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF3FDD
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DF3FF4
                    • ShowWindow.USER32(?,00000000,604EB446,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF3ED4
                      • Part of subcall function 00DF3AE0: SetWindowRgn.USER32(00000004,00000000,00000001), ref: 00DF3B45
                    • GetWindowLongW.USER32(?,000000F0), ref: 00DF3F32
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DF3F50
                    • NtdllDefWindowProc_W.NTDLL(?,0000000C,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF3F63
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DF3F7A
                    • GetWindowDC.USER32(?,?,?,?,?,?,?,?,?,?,?), ref: 00DF407C
                    • GetWindowLongW.USER32(?,000000F0), ref: 00DF40AB
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DF40C9
                    • NtdllDefWindowProc_W.NTDLL(?,00000086,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00DF40DB
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DF40ED
                    • DeleteDC.GDI32(?), ref: 00DF4105
                    • GetWindowRect.USER32(?,?), ref: 00DF4190
                    • GetWindowDC.USER32(?,604EB446,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF426D
                    • GetWindowDC.USER32(?,604EB446,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF428F
                    • DeleteDC.GDI32(00000000), ref: 00DF42C3
                    • GetWindowDC.USER32(?,604EB446,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF430D
                    • GetWindowDC.USER32(?,604EB446,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF4340
                    • SendMessageW.USER32(?,00000112,0000F060,00000000), ref: 00DF436D
                    • DeleteDC.GDI32(?), ref: 00DF4389
                    • GetSystemMetrics.USER32(00000017), ref: 00DF43FF
                    • GetAsyncKeyState.USER32(00000001), ref: 00DF4410
                    • GetWindowDC.USER32(00000004), ref: 00DF445A
                    • TrackMouseEvent.USER32(00000010), ref: 00DF44B9
                    • DeleteDC.GDI32(?), ref: 00DF44D2
                    • GetWindowDC.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF454D
                    • DeleteDC.GDI32(00000000), ref: 00DF458E
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Long$Delete$NtdllProc_$Show$AsyncEventMessageMetricsMouseRectSendStateSystemTrack
                    • String ID:
                    • API String ID: 1136914148-0
                    • Opcode ID: 9fcd2497a59e8fcf85f522c5884c477c6d3b7b79335e249c691cce3937fe295d
                    • Instruction ID: be53720c5d97f1cef9a7002cc731f7872627266389ab7a846d0d1b828a069624
                    • Opcode Fuzzy Hash: 9fcd2497a59e8fcf85f522c5884c477c6d3b7b79335e249c691cce3937fe295d
                    • Instruction Fuzzy Hash: FB327F70A00219EFDB20CF54C944BAEBBB1FF49315F258159EA51A73E0C776AD50CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE48FD
                    • GetWindowRect.USER32(?,?), ref: 00DE491C
                    • OffsetRect.USER32(?,?,00000000), ref: 00DE4932
                    • PtInRect.USER32(?,?,?), ref: 00DE4956
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE499A
                    • GetWindowRect.USER32(?,?), ref: 00DE49B9
                    • OffsetRect.USER32(?,?,00000000), ref: 00DE49CF
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE4A37
                    • GetWindowRect.USER32(?,?), ref: 00DE4A56
                    • OffsetRect.USER32(?,?,00000000), ref: 00DE4A6C
                    • PtInRect.USER32(?,?,?), ref: 00DE4A90
                    • SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 00DE4ABD
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE4AE0
                    • GetWindowRect.USER32(?,?), ref: 00DE4AFF
                    • OffsetRect.USER32(?,?,00000000), ref: 00DE4B15
                    • PtInRect.USER32(?,?,?), ref: 00DE4B39
                    • PtInRect.USER32(?,?,?), ref: 00DE49F3
                      • Part of subcall function 00DE5A40: SetRectEmpty.USER32(?), ref: 00DE5A61
                      • Part of subcall function 00DE5A40: GetWindowRect.USER32(?,?), ref: 00DE5A79
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE4B70
                    • GetWindowRect.USER32(?,?), ref: 00DE4B8F
                    • OffsetRect.USER32(?,?,00000000), ref: 00DE4BA5
                    • PtInRect.USER32(?,?,?), ref: 00DE4BC9
                    • PtInRect.USER32(?,?,?), ref: 00DE4BF8
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Rect$Window$LongOffset$EmptyMessageSend
                    • String ID:
                    • API String ID: 2934371545-0
                    • Opcode ID: a6d5d34e1bb4649d4cdc99be97c2365260fa52b76fb247ae614137e4fda2db45
                    • Instruction ID: 75c232e9111b098ae533222700f1930b68d367df1933cd43d249e8ef654ac4f3
                    • Opcode Fuzzy Hash: a6d5d34e1bb4649d4cdc99be97c2365260fa52b76fb247ae614137e4fda2db45
                    • Instruction Fuzzy Hash: FBB149716083459FC711DF65D944B6ABBE8EF99304F004A1EF589D72A1DB30E948CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • VariantInit.OLEAUT32(?), ref: 00ED915B
                    • VariantInit.OLEAUT32(?), ref: 00ED9173
                    • VariantInit.OLEAUT32(?), ref: 00ED9188
                    • VariantInit.OLEAUT32(?), ref: 00ED919D
                    • VariantClear.OLEAUT32(?), ref: 00ED91F0
                    • VariantClear.OLEAUT32(?), ref: 00ED91FA
                    • VariantClear.OLEAUT32(?), ref: 00ED9204
                    • VariantClear.OLEAUT32(?), ref: 00ED9211
                    • SysAllocString.OLEAUT32(Function_001997CC), ref: 00ED925B
                    • SysFreeString.OLEAUT32 ref: 00ED92A4
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    • SysAllocString.OLEAUT32(?), ref: 00ED9327
                    • SysFreeString.OLEAUT32 ref: 00ED9373
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Variant$ClearInitString$AllocFree$FindHeapProcessResource
                    • String ID: %Y-%m-%dT%H:%M:%S$Invalid DateTime
                    • API String ID: 620569351-1556709289
                    • Opcode ID: 90a7fbd680b4c33df992f32f20fcad5ad62f0d54ad61d9603b992665ad467ffa
                    • Instruction ID: 1afb236d9df158df3c39b85dd4ef41dc48b2bd0c477f3697a05876ece899b0f3
                    • Opcode Fuzzy Hash: 90a7fbd680b4c33df992f32f20fcad5ad62f0d54ad61d9603b992665ad467ffa
                    • Instruction Fuzzy Hash: DB32AC70D04249DBDB10DFA8C904BEEFBF4EF45314F14825AE855AB382EB749946CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetTickCount.KERNEL32 ref: 00E5BED9
                    • GetCommandLineW.KERNEL32(Full command line:,00000012), ref: 00E5BFD0
                    • SetCurrentDirectoryW.KERNEL32(00000000,604EB446,FFFFFFFF,00000000,604EB446,?,?), ref: 00E5C0EE
                    • CreateEventW.KERNEL32(00000000,00000000,00000000,?,?,?,?,Advinst_,00000008), ref: 00E5C4F8
                    • GetLastError.KERNEL32 ref: 00E5C52A
                    • SetEvent.KERNEL32(00000000), ref: 00E5C545
                    • SetEvent.KERNEL32(00000000), ref: 00E5C557
                    • GetDriveTypeW.KERNEL32(?,000000DC,00000000), ref: 00E5C744
                    • CreateThread.KERNEL32(00000000,00000000,Function_000C4220,00F981C8,00000000,?), ref: 00E5C57E
                      • Part of subcall function 00E6A7F0: CreateThread.KERNEL32(00000000,00000000,Function_000D7A40,00F555A8,00000000,00000000), ref: 00E6A86D
                      • Part of subcall function 00E6A7F0: GetLastError.KERNEL32 ref: 00E6A87A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CreateEvent$ErrorLastThread$CommandCountCurrentDirectoryDriveLineTickType
                    • String ID: $Advinst_$Command line to pass to MSI:$Full command line:
                    • API String ID: 1851394938-3048059918
                    • Opcode ID: f18af1470ac9f3c4920a835b7d1e50dab0fffe06179ace092e77f2417434d051
                    • Instruction ID: d64d8ef1075d21a0502c392cb0ce88dc8f15b0f7efe2bf6ccef6d89ee81f29de
                    • Opcode Fuzzy Hash: f18af1470ac9f3c4920a835b7d1e50dab0fffe06179ace092e77f2417434d051
                    • Instruction Fuzzy Hash: A062D470900209DFDB14DF68C8A5BAEB7F5EF44315F249569EC16BB292DB709D08CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 00E52BB2
                    • FindClose.KERNEL32(00000000), ref: 00E52BE0
                    • FindClose.KERNEL32(00000000), ref: 00E52C69
                    Strings
                    • No acceptable version found. It must be installed from package., xrefs: 00E53036
                    • No acceptable version found., xrefs: 00E53059
                    • No acceptable version found. It must be downloaded manually from a site., xrefs: 00E53044
                    • An acceptable version was found., xrefs: 00E5302F
                    • No acceptable version found. It must be downloaded., xrefs: 00E5303D
                    • No acceptable version found. Operating System not supported., xrefs: 00E5304B
                    • Not selected for install., xrefs: 00E53060
                    • No acceptable version found. It is already downloaded and it will be installed., xrefs: 00E53052
                    Similarity
                    • API ID: Find$Close$FileFirstHeapProcess
                    • String ID: An acceptable version was found.$No acceptable version found.$No acceptable version found. It is already downloaded and it will be installed.$No acceptable version found. It must be downloaded manually from a site.$No acceptable version found. It must be downloaded.$No acceptable version found. It must be installed from package.$No acceptable version found. Operating System not supported.$Not selected for install.
                    • API String ID: 4254541338-749633484
                    • Opcode ID: ea0c48253da3a5c6fb45d498b691891ede8b70973319737b1ffaebce061b447d
                    • Instruction ID: c4ba8d241e7cbbaab56c56a65f5408564b5d84b51886f6e761543a4bc162c287
                    • Opcode Fuzzy Hash: ea0c48253da3a5c6fb45d498b691891ede8b70973319737b1ffaebce061b447d
                    • Instruction Fuzzy Hash: 29F19D30904609CFDB20DF28C8487AEFBF1FF46315F148699D956AB392DB309A49DB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00E2CB55
                    • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00E2CB67
                    • SendMessageW.USER32(?,00000443,00000000), ref: 00E2CBBF
                    • GetDC.USER32(00000000), ref: 00E2CBE3
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E2CBEE
                    • MulDiv.KERNEL32(?,00000000), ref: 00E2CBF6
                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?), ref: 00E2CC1B
                    Strings
                    Similarity
                    • API ID: Window$CapsCreateDeviceFontMessageRedrawSend
                    • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                    • API String ID: 367477953-2319862951
                    • Opcode ID: 7a8906bbc0dc9f4b989c5b33aa7f97c3c45421aeea28f8d8cd4fb05e31485113
                    • Instruction ID: bbcc4a37a5fc343a0db00f2bcae9f37ed6f74e562a3231bb691e4ac66bdc73a9
                    • Opcode Fuzzy Hash: 7a8906bbc0dc9f4b989c5b33aa7f97c3c45421aeea28f8d8cd4fb05e31485113
                    • Instruction Fuzzy Hash: 82C1BD71A00708EFEB24CF64CC55BEAB7F5EB49300F108159E55AA72D1DB74AA49CFA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentProcess.KERNEL32 ref: 00E74EC8
                    • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00E74ED5
                    • GetLastError.KERNEL32 ref: 00E74EDF
                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 00E74F09
                    • GetLastError.KERNEL32 ref: 00E74F0F
                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,?,?,?), ref: 00E74F35
                    • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E74F68
                    • EqualSid.ADVAPI32(00000000,?), ref: 00E74F77
                    • FreeSid.ADVAPI32(?), ref: 00E74F86
                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 00E74FC0
                    Similarity
                    • API ID: Token$ErrorInformationLastProcess$AllocateChangeCloseCurrentEqualFindFreeInitializeNotificationOpen
                    • String ID:
                    • API String ID: 2037597787-0
                    • Opcode ID: 531b8c4a6b90e94841e45ea76843f44eff51735d232a25b948e2a225076a54a9
                    • Instruction ID: 327d3a53b3c144d05a9f80965ba95169f688ffb318e8e17139e6b3322c632c62
                    • Opcode Fuzzy Hash: 531b8c4a6b90e94841e45ea76843f44eff51735d232a25b948e2a225076a54a9
                    • Instruction Fuzzy Hash: A24148B190421DAFDF14DFA0DD48BEEBBB8FF08324F105116E415B6290D7799A04DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bf0c040da9f74a495b8e0093c1232a5fbdb6443eecfafcd62516b7518776fb8b
                    • Instruction ID: 36376298aebed5a00645c8663a49548e9d14759ffde43ca77212f54211233ae9
                    • Opcode Fuzzy Hash: bf0c040da9f74a495b8e0093c1232a5fbdb6443eecfafcd62516b7518776fb8b
                    • Instruction Fuzzy Hash: 7F72C070A04649CFDB14DFA8D888B9EFBF1BF45318F1482A9E455AB291DB70AE44CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E07D10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00E07D51
                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00E3BD4D
                    • GetCurrentProcess.KERNEL32(?), ref: 00E3BD65
                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00E3BD7F
                    • GetNativeSystemInfo.KERNEL32(?), ref: 00E3BD8D
                    • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00F57E8C), ref: 00E3BD95
                    Strings
                    Similarity
                    • API ID: System$AddressInfoProc$CurrentDirectoryNativeProcess
                    • String ID: GetNativeSystemInfo$IsWow64Process$kernel32.dll
                    • API String ID: 1670476242-3073145729
                    • Opcode ID: 39efcab7024b600ccc5cc974e0e60d51be6974e993b6609a42fb724e8fea7a60
                    • Instruction ID: 25bdb4bda31dee5e4a4ad6c7a14eb5785bf4b836db50964d62ea37bbb61b8e7e
                    • Opcode Fuzzy Hash: 39efcab7024b600ccc5cc974e0e60d51be6974e993b6609a42fb724e8fea7a60
                    • Instruction Fuzzy Hash: 6B419075A04208AFCF14DFA8D849BEEBBF4EF48314F50512AEA17B7290DB349904DB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryW.KERNEL32(ComCtl32.dll,604EB446,00000000,?,00000000), ref: 00E4DFBE
                    • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00E4DFE1
                    • GetSystemMetrics.USER32(0000000C), ref: 00E4E01C
                    • GetSystemMetrics.USER32(0000000B), ref: 00E4E032
                    • LoadImageW.USER32(?,?,00000001,00000000,00000000,?), ref: 00E4E041
                    • FreeLibrary.KERNEL32(00000000), ref: 00E4E05F
                    Strings
                    Similarity
                    • API ID: LibraryLoadMetricsSystem$AddressFreeImageProc
                    • String ID: ComCtl32.dll$LoadIconMetric
                    • API String ID: 1983857168-764666640
                    • Opcode ID: aafdaabe8996edb7eef6dcd17a326f70858bce348bade0e8ce499415bb909085
                    • Instruction ID: c6a5212e65b4bbde9e59abcd41c2ed8d4855b74e8613e52810b0f0a46d327306
                    • Opcode Fuzzy Hash: aafdaabe8996edb7eef6dcd17a326f70858bce348bade0e8ce499415bb909085
                    • Instruction Fuzzy Hash: B831B1B1A04218ABDB109F95DC44BAFBFF8FB48320F00412AF915A3281D7B58D00DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E33EE0: SystemParametersInfoW.USER32(00000042,0000000C), ref: 00E33F50
                      • Part of subcall function 00E3DB30: PathIsUNCW.SHLWAPI(?,604EB446,?,?), ref: 00E3DBD1
                    • DeleteObject.GDI32(?), ref: 00DFFB85
                    • GetWindowLongW.USER32(0000000C,000000EC), ref: 00DFFBD3
                    • GetClientRect.USER32(0000000C,?), ref: 00DFFEBF
                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00DFFF37
                      • Part of subcall function 00E329D0: GetClientRect.USER32(00DFFF23,?), ref: 00E329FB
                    Strings
                    Similarity
                    • API ID: ClientRect$DeleteInfoLongMessageObjectParametersPathSendSystemWindow
                    • String ID: $$rtlo
                    • API String ID: 2869272579-2671091646
                    • Opcode ID: b9204337342da33a6f9fa76e54e82be85fe58348370e1e1328764ba05d9cc1ef
                    • Instruction ID: 67068f0a590864e7092333d64daa10f01525373671c79e4e1cb93061a784b423
                    • Opcode Fuzzy Hash: b9204337342da33a6f9fa76e54e82be85fe58348370e1e1328764ba05d9cc1ef
                    • Instruction Fuzzy Hash: B112AF70900248DFEB10DF68C955BDDBBF0FF05304F148199E549AB292DB74AA88DFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(Function_00098A70), ref: 00E3486E
                    • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000000,00000000,?), ref: 00E348C3
                      • Part of subcall function 00E07D10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00E07D51
                      • Part of subcall function 00E36A10: GetCurrentThreadId.KERNEL32 ref: 00E36A6F
                      • Part of subcall function 00E5BE70: GetCommandLineW.KERNEL32(Full command line:,00000012), ref: 00E5BFD0
                    Strings
                    Similarity
                    • API ID: CommandCurrentDirectoryExceptionFilterLineNtdllProc_SystemThreadUnhandledWindow
                    • String ID: Advanced Installer Enhanced UI$RICHED20.DLL$NP
                    • API String ID: 205252671-2027881062
                    • Opcode ID: 2bcbb8f44c371a04c3fd716aadab66ceab3a1fb9a38225f69c01f6de3ab550dc
                    • Instruction ID: 30920ba2cfbc6228972d2205db99f560b527065708e6909a7baedf9fd9a4d527
                    • Opcode Fuzzy Hash: 2bcbb8f44c371a04c3fd716aadab66ceab3a1fb9a38225f69c01f6de3ab550dc
                    • Instruction Fuzzy Hash: F2817D7080066CCACB25EB24DC59BEEBBB4AF15305F1451D9E409B7282EB702F88DF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00E72FAA
                    Strings
                    Similarity
                    • API ID: DiskFreeSpace
                    • String ID: \$\$\
                    • API String ID: 1705453755-3791832595
                    • Opcode ID: d95a51f5f859c23f17a5f8c1e395491149141d4f40987f39616b99662513740c
                    • Instruction ID: bdb54e12de43726ff62e337f22be811678d032f45259877851f1d085aac31384
                    • Opcode Fuzzy Hash: d95a51f5f859c23f17a5f8c1e395491149141d4f40987f39616b99662513740c
                    • Instruction Fuzzy Hash: 1741C462E143558ACB34AF248440AABB7F4FF94358F15AA2EE9CCB7140E761898593C6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(00000008,00000008,?,00DC0457,?,?,00DC0204,?), ref: 00EDBB1E
                    • HeapAlloc.KERNEL32(00000000,?,?,00DC0204,?), ref: 00EDBB25
                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00DC0204,?), ref: 00EDBB6B
                    • HeapFree.KERNEL32(00000000,?,?,00DC0204,?), ref: 00EDBB72
                      • Part of subcall function 00EDB9B7: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00EDBB61,00000000,?,?,00DC0204,?), ref: 00EDB9DB
                      • Part of subcall function 00EDB9B7: HeapAlloc.KERNEL32(00000000,?,?,00DC0204,?), ref: 00EDB9E2
                    Similarity
                    • API ID: Heap$Process$Alloc$Free
                    • String ID:
                    • API String ID: 1864747095-0
                    • Opcode ID: 27668d4b6d1fb1fc79efa25881ee83bdc2d7819512a80298f9f5cfc362404034
                    • Instruction ID: a5ea3457961f5f03117273fb48a482e1afb9f6b5187d250b2ba81ffa833a8e03
                    • Opcode Fuzzy Hash: 27668d4b6d1fb1fc79efa25881ee83bdc2d7819512a80298f9f5cfc362404034
                    • Instruction Fuzzy Hash: 35F0BBB3608715D7C73837787C1995B399AEF907617025027F545D7354EF20C80297A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FindFirstFileW.KERNEL32(?,00000000,?,?,00000000), ref: 00E4A43F
                    • FindClose.KERNEL32(00000000), ref: 00E4A49E
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    Similarity
                    • API ID: Find$AllocateCloseFileFirstHeap
                    • String ID:
                    • API String ID: 1673784098-0
                    • Opcode ID: c16aa70d1b0aab900a867848b7296fa7290844d69a3fcdbec7d8933b48eee41f
                    • Instruction ID: a9c65cc1446246fa9be516797c364655f0fa8b6fc5fa2d8c298990cbd8e6d1e9
                    • Opcode Fuzzy Hash: c16aa70d1b0aab900a867848b7296fa7290844d69a3fcdbec7d8933b48eee41f
                    • Instruction Fuzzy Hash: CC3104719452188BCB24DF54EC4CBAEB7F4EB44334F2481AEE929A7780D3B45D40CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentProcess.KERNEL32(?,?,00EED4DE,?,?,?,?,?,00EE2D95), ref: 00EED501
                    • TerminateProcess.KERNEL32(00000000,?,00EED4DE,?,?,?,?,?,00EE2D95), ref: 00EED508
                    • ExitProcess.KERNEL32 ref: 00EED51A
                    Similarity
                    • API ID: Process$CurrentExitTerminate
                    • String ID:
                    • API String ID: 1703294689-0
                    • Opcode ID: 63267bdf2c26ca134897714fcca6936403bdc6b1c09e0ad8dcc69d2693d7918b
                    • Instruction ID: 226b14d9a6b61e9f60ee7be19b575cc22106223cf7bbb9db7eae1cdae5499e5c
                    • Opcode Fuzzy Hash: 63267bdf2c26ca134897714fcca6936403bdc6b1c09e0ad8dcc69d2693d7918b
                    • Instruction Fuzzy Hash: A2E0463100824CEFCF213FA5CD0991A3BAAFB84365F201814F8059A231CB35ED86DA40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00000400,00000400,00001388,00000000,?), ref: 00EA22EC
                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,?), ref: 00EA2317
                    Similarity
                    • API ID: Create$FileNamedPipe
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Similarity
                    • API ID: HeapProcess
                    • String ID: {$`z
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EDEB63
                    Similarity
                    • API ID: FeaturePresentProcessor
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(00E48A70), ref: 00DE090E
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 00E818B0
                    • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 00E818EB
                    • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 00E81966
                    • RegCloseKey.KERNEL32(00000000), ref: 00E81B3E
                    Similarity
                    • API ID: QueryValue$CloseOpen
                    • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00E8154E
                    • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00E81595
                    • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00E815B4
                    • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00E815E3
                    • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00E81658
                    • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 00E816AA
                    • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 00E816FC
                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00E81793
                    • GetProcAddress.KERNEL32(00000000), ref: 00E8179A
                    • GetCurrentProcess.KERNEL32(?), ref: 00E817D1
                    • IsWow64Process.KERNEL32(00000000), ref: 00E817D8
                    • RegCloseKey.ADVAPI32(00000000), ref: 00E81812
                    Similarity
                    • API ID: QueryValue$Process$AddressCloseCurrentHandleModuleOpenProcWow64
                    • String ID: CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$kernel32
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E9F400: GetCurrentProcessId.KERNEL32(604EB446), ref: 00E9F443
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,_prepare_evt,0000000C,604EB446,00000000,?), ref: 00E3C600
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,_uigo_evt,00000009), ref: 00E3C69D
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,_uidone_evt,0000000B), ref: 00E3C73A
                    • CreateThread.KERNEL32(00000000,00000000,Function_000308E0,00000000,00000000,00000000), ref: 00E3C7AA
                    • WaitForMultipleObjects.KERNEL32(00000003,00F176C4,00000000,000000FF), ref: 00E3C809
                    • SetEvent.KERNEL32(?,?,?,00000001,00000110), ref: 00E3C864
                    • WaitForMultipleObjects.KERNEL32(00000002,00F176C4,00000000,000000FF), ref: 00E3C870
                    • SetEvent.KERNEL32(?), ref: 00E3C898
                    • GetExitCodeThread.KERNEL32 ref: 00E3C8B1
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E3C8C8
                    • GetExitCodeThread.KERNEL32(?,00000103), ref: 00E3C8E1
                    Similarity
                    • API ID: Event$Create$ThreadWait$CodeExitMultipleObjects$CurrentObjectProcessSingle
                    • String ID: _prepare_evt$_uidone_evt$_uigo_evt
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(00F9D5C4), ref: 00DECAA7
                    • GetCurrentThreadId.KERNEL32 ref: 00DECABA
                    • LeaveCriticalSection.KERNEL32(?), ref: 00DECB33
                    • SetLastError.KERNEL32(0000000E), ref: 00DECB59
                    • GetLastError.KERNEL32 ref: 00DECB5F
                    • CreateDialogParamW.USER32(0000278B,?,00DF6AE0,00000000,?), ref: 00DECB92
                    • GetLastError.KERNEL32(?,000000FF,00000000,00000000), ref: 00DECB9C
                    • ShowWindow.USER32(?,0000000A,?,000000FF,00000000,00000000), ref: 00DECBAE
                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00DECBD4
                    • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00DECBF8
                    • TranslateMessage.USER32(?), ref: 00DECC21
                    • DispatchMessageW.USER32(?), ref: 00DECC2B
                    Similarity
                    • API ID: ErrorLastMessage$CriticalSection$CallbackCreateCurrentDialogDispatchDispatcherEnterLeaveParamPeekShowThreadTranslateUserWindow
                    • String ID: @v
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,00F0733D), ref: 00DE5D20
                    • OffsetRect.USER32(00F0733D,00F0733D,000000FF), ref: 00DE5D49
                    • ExcludeClipRect.GDI32(?,00F0733D,000000FF,?,00DE4DDB), ref: 00DE5D65
                    • GetWindowRect.USER32(?,?), ref: 00DE5D7B
                    • OffsetRect.USER32(?,?,?), ref: 00DE5D91
                    • SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 00DE5E45
                    • GetSystemMetrics.USER32(00000031), ref: 00DE5E5A
                    • GetSystemMetrics.USER32(00000032), ref: 00DE5E61
                    • DrawIconEx.USER32(?,?,?,?,?,00000000,00000000,00000000,00000003), ref: 00DE5EA0
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DC9A20: GetWindowTextLengthW.USER32(?), ref: 00DC9A27
                      • Part of subcall function 00DC9A20: GetWindowTextW.USER32(?,?,00000001), ref: 00DC9A59
                      • Part of subcall function 00DE6830: GetWindowRect.USER32(?,?), ref: 00DE6861
                      • Part of subcall function 00DE6830: SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 00DE689E
                      • Part of subcall function 00DE6830: GetSystemMetrics.USER32(00000031), ref: 00DE68AA
                      • Part of subcall function 00DE6830: GetSystemMetrics.USER32(00000032), ref: 00DE68B4
                    • SelectObject.GDI32(?,?), ref: 00DE5EF7
                    • SetTextColor.GDI32(?,?), ref: 00DE5F06
                    • SetBkMode.GDI32(?,00000001), ref: 00DE5F0F
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE5F1C
                    • DrawTextW.USER32(?,?,000000FF,?,00000000), ref: 00DE5F3B
                    • SelectObject.GDI32(?,00000000), ref: 00DE5F43
                    Similarity
                    • API ID: Rect$Window$MetricsSystemText$DrawMessageObjectOffsetSelectSend$ClientClipColorExcludeHeapIconLengthLongModeProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetEvent.KERNEL32(?), ref: 00E3B198
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E3B227
                    • CloseHandle.KERNEL32(?), ref: 00E3B24C
                    • CloseHandle.KERNEL32(?), ref: 00E3B271
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CloseHandle$EventObjectSingleWait
                    • String ID: !$@0$Unable to start installation error code: %u$p$pX$ph
                    • API String ID: 2857295742-630317849
                    • Opcode ID: a5841126c426a6263d02984531a54d1ec9cb6e725b98c7a2b88d9daba907db75
                    • Instruction ID: fa9178776ea06e38ea7ab13c53f8c1580e8476cc3d3f96d2774b9f1822af218a
                    • Opcode Fuzzy Hash: a5841126c426a6263d02984531a54d1ec9cb6e725b98c7a2b88d9daba907db75
                    • Instruction Fuzzy Hash: 7B323870905219DFDB20DF64C948BDDBBB4EF05304F1482E9E909AB291DB71AE88DF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EDB54C
                    • LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 00EDB5D8
                    • GetLastError.KERNEL32 ref: 00EDB5E4
                    • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 00EDB624
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ExceptionRaise$ErrorLastLibraryLoad
                    • String ID: $
                    • API String ID: 948315288-3993045852
                    • Opcode ID: ba686e33d78ef6900474a658f91380b79c09505dab51ac55a2537b6f2f4bddad
                    • Instruction ID: f144c3235d865902f72d065beffb9aa4157ecee91e4d8324cd2ba829b696fb6f
                    • Opcode Fuzzy Hash: ba686e33d78ef6900474a658f91380b79c09505dab51ac55a2537b6f2f4bddad
                    • Instruction Fuzzy Hash: C08131B590121DDFCB21DF95D984AAEB7BAFF54324B16502AE810B7310EB70DD028B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00E1DA21
                    • GetCursorPos.USER32(?), ref: 00E1DA2C
                    • PtInRect.USER32(?,?,?), ref: 00E1DA3F
                    • TrackMouseEvent.USER32 ref: 00E1DA71
                    • RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 00E1DA8C
                    • GetCursorPos.USER32(?), ref: 00E1DAFD
                    • ScreenToClient.USER32(?,?), ref: 00E1DB0B
                    • RedrawWindow.USER32 ref: 00E1DB26
                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 00E1DBEA
                    • RedrawWindow.USER32(?,00000000,00000000,00000401,?,?), ref: 00E1DC36
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Redraw$CursorRect$CallClientEventMouseProcScreenTrack
                    • String ID:
                    • API String ID: 145783414-0
                    • Opcode ID: 68efe70bac0d9ca8efe615b54669f365b6852c37b57eab3af7668ea664da8767
                    • Instruction ID: 5e840232dd4ce1792e1501ca6e091d382dc6ee33bba345a7b8c331a5385ac161
                    • Opcode Fuzzy Hash: 68efe70bac0d9ca8efe615b54669f365b6852c37b57eab3af7668ea664da8767
                    • Instruction Fuzzy Hash: 6FB17D71608305ABDB15DF24CC44BEAF7E5FF84318F005A1AF869A7290D7B5A994CBC2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID:
                    • String ID: tj$t)j$1
                    • API String ID: 0-1494603718
                    • Opcode ID: edaccd46a8b404a7bdde514fd4ac9eb0f4ec30e20c9ad5790eb78047691f2906
                    • Instruction ID: 151839157996c467b92ea2def2306784cc03f220ba5a1294de535554f8837fce
                    • Opcode Fuzzy Hash: edaccd46a8b404a7bdde514fd4ac9eb0f4ec30e20c9ad5790eb78047691f2906
                    • Instruction Fuzzy Hash: 49E16231A00619DFDB25CF28C844BADBBB1FF49304F158299D959AB352CB71AE85CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DecodePointer.KERNEL32(?,?,?,00EDBBF1,00F9C490,?,?,?,00E88110,00000000,?,00000000,604EB446), ref: 00EDB8BD
                    • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00EDBBF1,00F9C490,?,?,?,00E88110,00000000,?,00000000,604EB446), ref: 00EDB8D2
                    • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,604EB446), ref: 00EDB94E
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: DecodePointer$LibraryLoad
                    • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                    • API String ID: 1423960858-1745123996
                    • Opcode ID: ca145786714a98e615ad48234f11d1266f390c28c85873d83ae5e8d52a980a66
                    • Instruction ID: bb9c548d9c32de823e42c9a939562d419675f561a2e2f27a2120bfcadcbe80f1
                    • Opcode Fuzzy Hash: ca145786714a98e615ad48234f11d1266f390c28c85873d83ae5e8d52a980a66
                    • Instruction Fuzzy Hash: 5C0108B1A84355BBDB25BB149C23BDA3BC48B41798F051051FE04763D6F791C90AE2D6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetActiveWindow.USER32 ref: 00E6A648
                    • SetLastError.KERNEL32(0000000E,?,?,?,?,00000000,00F20645,000000FF,?,80004005,604EB446,?,?,?,Function_0015147D,000000FF), ref: 00E6A685
                    • GetCurrentThreadId.KERNEL32 ref: 00E6A6B9
                    • SetWindowTextW.USER32(?,0000000A), ref: 00E6A743
                    • GetDlgItem.USER32(?,000003E9), ref: 00E6A74D
                    • SetWindowTextW.USER32(00000000,00000000), ref: 00E6A759
                      • Part of subcall function 00E6A1F0: GetDlgItem.USER32(?,00000002), ref: 00E6A210
                      • Part of subcall function 00E6A1F0: GetWindowRect.USER32(00000000,?), ref: 00E6A226
                      • Part of subcall function 00E6A1F0: ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,604EB446), ref: 00E6A23F
                      • Part of subcall function 00E6A1F0: InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,604EB446), ref: 00E6A24A
                      • Part of subcall function 00E6A1F0: GetDlgItem.USER32(0000000A,000003E9), ref: 00E6A25C
                      • Part of subcall function 00E6A1F0: GetWindowRect.USER32(00000000,?), ref: 00E6A272
                      • Part of subcall function 00E6A1F0: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,604EB446), ref: 00E6A2B8
                    • GetDlgItem.USER32(?,00000002), ref: 00E6A798
                    • SetWindowTextW.USER32(00000000,00F51FFC), ref: 00E6A7A0
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Item$RectText$ActiveCurrentErrorInvalidateLastShowThread
                    • String ID:
                    • API String ID: 127311041-0
                    • Opcode ID: c28397afbceef715f4da283245a59e8265fa53710b053aba03fdd22477f329bb
                    • Instruction ID: 32c5405b669b00d9e20361f74e4e403c77bf1087e240b0b991bbb9a139e9ac0f
                    • Opcode Fuzzy Hash: c28397afbceef715f4da283245a59e8265fa53710b053aba03fdd22477f329bb
                    • Instruction Fuzzy Hash: A151A131900604EFDB21DF65DC44B9ABBF4FF04764F18866AE919AB2A1D730E900DFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowDC.USER32(?,?,?,?,?,?,00F0A6FD,000000FF,?,00DF423A,?,?,?,?,604EB446,?), ref: 00DF4CA3
                    • GetWindowRect.USER32(?,00F0A6FD), ref: 00DF4CC2
                    • GetRgnBox.GDI32(?,?), ref: 00DF4CE7
                    • IntersectRect.USER32(?,?,00F0A6FD), ref: 00DF4D00
                    • OffsetRect.USER32(?,00F0A6FD,000000FF), ref: 00DF4D1E
                    • CreateRectRgn.GDI32(?,?,?,?), ref: 00DF4D4F
                    • SelectClipRgn.GDI32(00000000,00000000), ref: 00DF4D5C
                    • DeleteObject.GDI32(00000000), ref: 00DF4D83
                    • DeleteDC.GDI32 ref: 00DF4DA6
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Rect$DeleteWindow$ClipCreateIntersectObjectOffsetSelect
                    • String ID:
                    • API String ID: 3582722960-0
                    • Opcode ID: 2073984dde76534c21c4b4b0c0d612cfc847c38a541e9461db9c70c438daef19
                    • Instruction ID: 0a4814910a1de484cd0e3973bda318251599f9868f8fddd150787d43a54e9566
                    • Opcode Fuzzy Hash: 2073984dde76534c21c4b4b0c0d612cfc847c38a541e9461db9c70c438daef19
                    • Instruction Fuzzy Hash: 19513871D0021CAFDB11DFA8DD88BEEBBB8EF49304F15425AE905E7250E771A940DB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,604EB446,00000000,00000000,?), ref: 00E8721D
                    • GetTempPathW.KERNEL32(00000104,?), ref: 00E872B9
                    • GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 00E872EA
                    • Wow64DisableWow64FsRedirection.KERNEL32(00000000,?), ref: 00E8731D
                    • CopyFileW.KERNEL32(?,?,00000000), ref: 00E8733F
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 00E8736E
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSectionWow64$EnterFileLeavePathRedirectionTemp$ConditionCopyDisableFolderNameRevertVariableWake
                    • String ID: shim_clone
                    • API String ID: 1304637219-3944563459
                    • Opcode ID: 0617d4937f6d8b5155680eb5b69c07dbaa470493eac3a6f95522d229015ed7ab
                    • Instruction ID: 817994894a1353fb122ba588aecab081a43cb5dda2a6728e174721805af4f341
                    • Opcode Fuzzy Hash: 0617d4937f6d8b5155680eb5b69c07dbaa470493eac3a6f95522d229015ed7ab
                    • Instruction Fuzzy Hash: 897102B0A042089FEB21FF24DD45B99B7F5EB44714F2440AAE84CAB2A1D7B1DE44DF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(?,msctls_progress32,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00E16DDE
                    • GetWindowLongW.USER32(?,000000F0), ref: 00E16E31
                    • GetWindowLongW.USER32(?,000000F0), ref: 00E16E3D
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E16E46
                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00E16E64
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Long$CreateMessageSend
                    • String ID: ProgressBar$msctls_progress32
                    • API String ID: 301620804-79040089
                    • Opcode ID: 7c44d87288f78090cb97104af2e8c3f81df0d890b73a54186b01fea37789dae4
                    • Instruction ID: f2f049ff7ac0b955e3b920dbecc35701953e897b77703fc542e7d887443453cd
                    • Opcode Fuzzy Hash: 7c44d87288f78090cb97104af2e8c3f81df0d890b73a54186b01fea37789dae4
                    • Instruction Fuzzy Hash: 45515B75A00218AFDB04DF68CD85FEDBBB4EF49714F144259E912BB2A4CB70AD00CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(?,000000F0), ref: 00E29C42
                    • DeleteObject.GDI32(?), ref: 00E29C55
                      • Part of subcall function 00E329D0: GetClientRect.USER32(00DFFF23,?), ref: 00E329FB
                      • Part of subcall function 00E14160: DestroyCursor.USER32(604EB446), ref: 00E1419D
                      • Part of subcall function 00E14160: LoadImageW.USER32(00000000,?,00000001,00000100,00000100,00000010), ref: 00E1427C
                    • DestroyCursor.USER32(?), ref: 00E29C70
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E29CA1
                    • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00E29DAA
                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E29E41
                    • SendMessageW.USER32(?,000000F7,00000001,?), ref: 00E29E5A
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LongWindow$CursorDestroyMessageSend$ClientDeleteImageLoadObjectRect
                    • String ID:
                    • API String ID: 1496936930-0
                    • Opcode ID: 4b689ef0704d2d3349f4eb3bfd9f7d3b0fc6227ab418dd4c635d93d1df449c9b
                    • Instruction ID: 94a068c049d5a7b68a8fbf6b1042237079f84d0351df0f0e5955f2f68fad68b1
                    • Opcode Fuzzy Hash: 4b689ef0704d2d3349f4eb3bfd9f7d3b0fc6227ab418dd4c635d93d1df449c9b
                    • Instruction Fuzzy Hash: 67719B71901609AFDB10DFA8DD88BDEBBF5FF44314F101219F416A72A1DB70AA04DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00E686D1
                    • SetFilePointer.KERNEL32(?,7FFFFFFF,00000000,00000000,?), ref: 00E68730
                    • SetEndOfFile.KERNEL32(?), ref: 00E68739
                    • FindCloseChangeNotification.KERNEL32(?), ref: 00E68752
                    Strings
                    • Not enough disk space to extract file:, xrefs: 00E685DB
                    • %sholder%d.aiph, xrefs: 00E686AD
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: File$ChangeCloseCreateFindNotificationPointer
                    • String ID: %sholder%d.aiph$Not enough disk space to extract file:
                    • API String ID: 3635197886-929304071
                    • Opcode ID: 7fc6b3a5e127c0b1c56be4752b126d07a39c2d1048ebd440af7cf27258e0768e
                    • Instruction ID: 30c1b31e6d42eacaf107091e8edd0ebc5da6e9233c91771fb39b4f32199fa174
                    • Opcode Fuzzy Hash: 7fc6b3a5e127c0b1c56be4752b126d07a39c2d1048ebd440af7cf27258e0768e
                    • Instruction Fuzzy Hash: 1C81CF71A402099BDB10DF68DD45BAEBBB5FF45364F24462AF921E7391DB31E900CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetFilePointer.KERNEL32(?,-00000400,?,00000002,00000400,604EB446,?,?,?,?,?), ref: 00E858E6
                    • GetLastError.KERNEL32(?,?,?,?), ref: 00E858F4
                    • ReadFile.KERNEL32(?,00000000,00000400,000000FF,00000000,?,?,?,?), ref: 00E8590F
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: File$ErrorLastPointerRead
                    • String ID: ADVINSTSFX
                    • API String ID: 64821003-4038163286
                    • Opcode ID: 3af69cf4026800b4439f592776bcb015fe20d646f7bf6a78e79818868e2dab87
                    • Instruction ID: e088ef025fcabfec215e43aa222b857c2be138dcf7e004b7c534378532b69b03
                    • Opcode Fuzzy Hash: 3af69cf4026800b4439f592776bcb015fe20d646f7bf6a78e79818868e2dab87
                    • Instruction Fuzzy Hash: 9661BF72A006099BDB14EF68C884BBEBBB5FF45328F245265E51DB7291DB30AD41CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CallWindowProcW.USER32(?,?,?,?,00000024), ref: 00DC1EE0
                    • GetWindowLongW.USER32(?,000000FC), ref: 00DC1EF5
                    • CallWindowProcW.USER32(?,?,00000082,?,00000024), ref: 00DC1F0B
                    • GetWindowLongW.USER32(?,000000FC), ref: 00DC1F25
                    • SetWindowLongW.USER32(?,000000FC,?), ref: 00DC1F35
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Long$CallProc
                    • String ID: $
                    • API String ID: 513923721-3993045852
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteObject.GDI32(?), ref: 00E32872
                    • GetDC.USER32(00000000), ref: 00E32896
                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00E3289B
                    • GetDC.USER32(00000000), ref: 00E328B6
                    • CreateCompatibleDC.GDI32(00000000), ref: 00E328B9
                    • SelectObject.GDI32(00000000,?), ref: 00E328C7
                    • DeleteDC.GDI32(00000000), ref: 00E328F7
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CompatibleCreateDeleteObject$BitmapSelect
                    • String ID:
                    • API String ID: 3590194090-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDlgItem.USER32(?,00000002), ref: 00E6A210
                    • GetWindowRect.USER32(00000000,?), ref: 00E6A226
                    • ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,604EB446), ref: 00E6A23F
                    • InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,604EB446), ref: 00E6A24A
                    • GetDlgItem.USER32(0000000A,000003E9), ref: 00E6A25C
                    • GetWindowRect.USER32(00000000,?), ref: 00E6A272
                    • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,604EB446), ref: 00E6A2B8
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Rect$Item$InvalidateShow
                    • String ID:
                    • API String ID: 2147159307-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetFilePointer.KERNEL32(?,?,?,00000000,604EB446,?,?,00000002,?,?,?,?,?,?,00000000,00F1FC62), ref: 00E66D37
                    • GetLastError.KERNEL32(?,00000002), ref: 00E66FC9
                    • GetLastError.KERNEL32(?,00000002), ref: 00E67073
                    • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,00000000,00F1FC62,000000FF,?,00E65C8A,00000010), ref: 00E66D46
                      • Part of subcall function 00E4DE60: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,604EB446,?,00000000), ref: 00E4DEAB
                      • Part of subcall function 00E4DE60: GetLastError.KERNEL32(?,00000000), ref: 00E4DEB5
                    • ReadFile.KERNEL32(?,00000000,00000008,80070057,00000000,?,00000002), ref: 00E66E08
                    • ReadFile.KERNEL32(?,604EB446,00000000,00000000,00000000,00000001,?,00000002), ref: 00E66E85
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ErrorLast$File$Read$FormatMessagePointer
                    • String ID:
                    • API String ID: 3903527278-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetActiveWindow.USER32 ref: 00E5E09A
                    • SetLastError.KERNEL32(0000000E), ref: 00E5E0B7
                    • DialogBoxParamW.USER32(000007D0,00000000,Function_00046AE0,00000000,?), ref: 00E5E0E9
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveDialogErrorLastParamWindow
                    • String ID: Advinst_Extract_
                    • API String ID: 3206804400-521781103
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetExitCodeThread.KERNEL32(?,?,604EB446,?,00000000), ref: 00E617B6
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,CLOSE,00000005), ref: 00E6194A
                    • FlushFileBuffers.KERNEL32(?), ref: 00E61953
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: File$BuffersCodeExitFindFlushHeapProcessResourceThreadWrite
                    • String ID: Advinst_Estimate_$CLOSE
                    • API String ID: 499306564-755230127
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFileVersionInfoSizeW.KERNELBASE(?,604EB446,604EB446,?,00F9C450,?,?,00E696F9,?,604EB446,?,?,?,00000000,00F20405), ref: 00E876E5
                    • GetFileVersionInfoW.KERNELBASE(?,?,00000000,?,00000000,?,00F9C450,?,?,00E696F9,?,604EB446,?,?,?,00000000), ref: 00E87733
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: FileInfoVersion$Size
                    • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                    • API String ID: 2104008232-2149928195
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FreeLibrary.KERNEL32(00000000,604EB446), ref: 00E346A7
                    • EnterCriticalSection.KERNEL32(00F9D5C4), ref: 00E346C2
                    • DestroyWindow.USER32(00000000), ref: 00E346E0
                    • LeaveCriticalSection.KERNEL32(00F9D5C4), ref: 00E34729
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$DestroyEnterFreeLeaveLibraryWindow
                    • String ID: @v
                    • API String ID: 3548107383-311380672
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E870E0: SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,604EB446,00000000,00000000,?), ref: 00E8721D
                    • GetFileVersionInfoSizeW.KERNELBASE(?,000000FF,Shlwapi.dll,604EB446,00000000,?,?,00000000,00F26225,000000FF,Shlwapi.dll,00E87526,?,?,?), ref: 00E875BD
                    • GetFileVersionInfoW.KERNELBASE(?,?,?,00000000,00000000,?,?), ref: 00E875E9
                    • GetLastError.KERNEL32(?,?), ref: 00E8762E
                    • DeleteFileW.KERNEL32(?), ref: 00E87641
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: File$InfoVersion$DeleteErrorFolderLastPathSize
                    • String ID: Shlwapi.dll
                    • API String ID: 2825328469-1687636465
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E1713D
                    • SetWindowTextW.USER32(?,?), ref: 00E17158
                    • GetDesktopWindow.USER32 ref: 00E1718F
                    • GetDC.USER32(00000000), ref: 00E17196
                    • GetDeviceCaps.GDI32(00000000), ref: 00E1719D
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$AllocateCapsDesktopDeviceHeapMessageSendText
                    • String ID:
                    • API String ID: 827609831-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?), ref: 00E1DFA8
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00E1DFC2
                    • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00E1DFD4
                    • SendMessageW.USER32(?,00000435,00000000,00000000), ref: 00E1E0AA
                    • SendMessageW.USER32(?,00000449,00000002,?), ref: 00E1E0D1
                      • Part of subcall function 00E1F9B0: SendMessageW.USER32(?,000000CE,00000000,00000000), ref: 00E1FAF9
                      • Part of subcall function 00E1F9B0: SendMessageW.USER32(?,000000BA,00000000,00000000), ref: 00E1FB0C
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$Window$Redraw
                    • String ID:
                    • API String ID: 1832654130-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ConnectNamedPipe.KERNEL32(?,00000000,604EB446,?,604EB446), ref: 00EA26FE
                    • GetLastError.KERNEL32 ref: 00EA270F
                    • ReadFile.KERNEL32(?,?,00000400,?,00000000), ref: 00EA27AB
                    • GetLastError.KERNEL32 ref: 00EA27B8
                    • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,00000000,00000001,?,604EB446), ref: 00EA281C
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ErrorLastNamedPipe$ConnectFilePeekRead
                    • String ID:
                    • API String ID: 2969972373-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,604EB446,?,?,00000000,?,?,?,00F2615D,000000FF,?,00E6792D,?), ref: 00E86D8D
                      • Part of subcall function 00DC2000: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00EDB848,C000008C,00000001,?,00EDB879,00000000,?,00DB9067,00000000,604EB446,000000FF,?), ref: 00DC200C
                    • CreateThread.KERNEL32(00000000,00000000,00E870D0,?,00000000,?), ref: 00E86DC3
                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00E86EAA
                    • GetExitCodeThread.KERNEL32(00000000,?), ref: 00E86EB5
                    • CloseHandle.KERNEL32(00000000), ref: 00E86ED5
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CreateThread$CloseCodeEventExceptionExitHandleObjectRaiseSingleWait
                    • String ID:
                    • API String ID: 3595790897-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCursorPos.USER32(?), ref: 00DEC0EA
                    • SetCursorPos.USER32(?,?), ref: 00DEC104
                    • SetCursorPos.USER32(?,?), ref: 00DEC10E
                    • IsWindow.USER32(?), ref: 00DEC149
                    • PostMessageW.USER32(?,000005FB,00000000,00000000), ref: 00DEC197
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Cursor$MessagePostWindow
                    • String ID:
                    • API String ID: 3246667796-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • MsgWaitForMultipleObjectsEx.USER32(00000001,604EB446,000000FF,000005FF,00000004), ref: 00E6A301
                    • PeekMessageW.USER32(?,00000000), ref: 00E6A347
                    • TranslateMessage.USER32(00000000), ref: 00E6A352
                    • DispatchMessageW.USER32(00000000), ref: 00E6A359
                    • MsgWaitForMultipleObjectsEx.USER32(00000001,?,000000FF,000005FF,00000004), ref: 00E6A36B
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Message$MultipleObjectsWait$DispatchPeekTranslate
                    • String ID:
                    • API String ID: 4084795276-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00E5D751
                    • CreateThread.KERNEL32(00000000,00000000,Function_000AE1C0,?,00000000,?), ref: 00E5D78C
                    • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?,?,00000000), ref: 00E5D7BF
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Create$EventHeapObjectProcessSingleThreadWait
                    • String ID: \\?\
                    • API String ID: 426610576-4282027825
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PathIsUNCW.SHLWAPI(?,604EB446,?,00000010,?), ref: 00E63C7A
                      • Part of subcall function 00E74E80: GetCurrentProcess.KERNEL32 ref: 00E74EC8
                      • Part of subcall function 00E74E80: OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00E74ED5
                      • Part of subcall function 00E74E80: GetLastError.KERNEL32 ref: 00E74EDF
                      • Part of subcall function 00E74E80: FindCloseChangeNotification.KERNEL32(00000000), ref: 00E74FC0
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Process$Find$ChangeCloseCurrentErrorHeapLastNotificationOpenPathResourceToken
                    • String ID: Extraction path set to:$[WindowsVolume]$\\?\
                    • API String ID: 1213284423-3538578949
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    • SetEvent.KERNEL32(?,?,00000000,?,00000001), ref: 00E5E3B7
                    • SetEvent.KERNEL32(?), ref: 00E5E415
                      • Part of subcall function 00E687B0: DeleteFileW.KERNEL32(?,00000000,00000000,?,00000000,80004005,?,?,?,604EB446), ref: 00E687DB
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Event$DeleteFileFindHeapProcessResource
                    • String ID: @)$Advinst_Extract_
                    • API String ID: 1192275139-462017226
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ConnectNamedPipe.KERNEL32(?,00000000,604EB446,?,000000FF,?,00000000,00F25396,000000FF,?,00E8284A,000000FF,?,00000001), ref: 00E8266A
                    • GetLastError.KERNEL32(?,00E8284A,000000FF,?,00000001), ref: 00E82674
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • ReadFile.KERNEL32(?,?,00007F90,00000000,00000000,604EB446,?,000000FF,?,00000000,00F25396,000000FF,?,00E8284A,000000FF,?), ref: 00E826B7
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ConnectErrorFileHeapLastNamedPipeProcessRead
                    • String ID: \\.\pipe\ToServer
                    • API String ID: 2988993950-63420281
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E14160: DestroyCursor.USER32(604EB446), ref: 00E1419D
                      • Part of subcall function 00E14160: LoadImageW.USER32(00000000,?,00000001,00000100,00000100,00000010), ref: 00E1427C
                    • GetWindowLongW.USER32(?,000000F0), ref: 00E14528
                    • SetWindowLongW.USER32(?,000000F0,-00000040), ref: 00E14551
                    • SendMessageW.USER32(?,00000170,?,00000000), ref: 00E1456A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LongWindow$AllocateCursorDestroyHeapImageLoadMessageSend
                    • String ID: Icon
                    • API String ID: 3112688346-3316025061
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetEvent.KERNEL32(?,604EB446), ref: 00DF8773
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Event
                    • String ID: AiPredefOpen
                    • API String ID: 4201588131-276091389
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E9F400: GetCurrentProcessId.KERNEL32(604EB446), ref: 00E9F443
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,?,_uis_evt,00000008,604EB446,?,?,?), ref: 00DF8E06
                    • CreateThread.KERNEL32(00000000,00000000,Function_000308E0,00000000,00000000,00000000), ref: 00DF8F94
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DF8FC1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Create$CurrentEventObjectProcessSingleThreadWait
                    • String ID: _uis_evt
                    • API String ID: 2980154694-897742952
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9FE0: GetTempPathW.KERNEL32(00000104,?,604EB446,?), ref: 00DBA0CB
                    • GetCurrentProcessId.KERNEL32 ref: 00DF9D6B
                    • PathFileExistsW.SHLWAPI(00000000,?,00000000,?), ref: 00DF9DEC
                    • CreateDirectoryW.KERNEL32(00000000,00000000,?), ref: 00DF9E22
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Path$CreateCurrentDirectoryExistsFileProcessTemp
                    • String ID: AI_EXTUI_BIN_
                    • API String ID: 28041176-1897379104
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00ED9080: VariantInit.OLEAUT32(?), ref: 00ED915B
                      • Part of subcall function 00ED9080: VariantInit.OLEAUT32(?), ref: 00ED9173
                      • Part of subcall function 00ED9080: VariantInit.OLEAUT32(?), ref: 00ED9188
                      • Part of subcall function 00ED9080: VariantInit.OLEAUT32(?), ref: 00ED919D
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,00000000,604EB446,?,00000000,00F24A65,000000FF), ref: 00E7FBEE
                    • RegQueryValueExW.KERNEL32(00000000,008FEC80,00000000,00000000,00F24A65,?), ref: 00E7FC22
                    • RegCloseKey.ADVAPI32(00000000), ref: 00E7FC40
                    Strings
                    • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00E7FBE4
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: InitVariant$CloseOpenQueryValue
                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                    • API String ID: 2730577708-1428018034
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(?,STATIC,?,00DFF918,?,80000000,00000000,00000000,00DFF918,0000008B,00000000), ref: 00E2F79A
                    • SendMessageW.USER32(00DFF918,00000031,00000000,00000000), ref: 00E2F7AF
                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00E2F7B7
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendWindow$CreateLong
                    • String ID: STATIC
                    • API String ID: 4015368215-1882779555
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(?,EDIT,?,00000000,?,80000000,00000000,00000000,00000000,00000000,00000000), ref: 00E2A14B
                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00E2A163
                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00E2A16B
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendWindow$CreateLong
                    • String ID: EDIT
                    • API String ID: 4015368215-3080729518
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(46030080,RichEdit20W,?,00000000,46030080,80000000,00000000,00000000,00000000,00000000,00000000), ref: 00E2C8EB
                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00E2C903
                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00E2C90B
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendWindow$CreateLong
                    • String ID: RichEdit20W
                    • API String ID: 4015368215-4173859555
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(?,BUTTON,?,00000000,?,80000000,00000000,00000000,00000000,00000000,00000000), ref: 00E29BBB
                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00E29BD3
                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00E29BDB
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendWindow$CreateLong
                    • String ID: BUTTON
                    • API String ID: 4015368215-3405671355
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteFileW.KERNEL32(0001C700), ref: 00E6371F
                    • GetLastError.KERNEL32 ref: 00E63727
                    • RemoveDirectoryW.KERNEL32(C7000000), ref: 00E63785
                    • GetLastError.KERNEL32 ref: 00E6378D
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ErrorLast$DeleteDirectoryFileRemove
                    • String ID:
                    • API String ID: 50330452-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsRectEmpty.USER32(?), ref: 00DE4D75
                    • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00DE4D9D
                    • SelectClipRgn.GDI32(?,00000000), ref: 00DE4DB1
                    • DeleteObject.GDI32(00000000), ref: 00DE4DC3
                      • Part of subcall function 00DE5A40: SetRectEmpty.USER32(?), ref: 00DE5A61
                      • Part of subcall function 00DE5A40: GetWindowRect.USER32(?,?), ref: 00DE5A79
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Rect$Empty$ClipCreateDeleteObjectSelectWindow
                    • String ID:
                    • API String ID: 2145721318-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DestroyCursor.USER32(604EB446), ref: 00E1419D
                    • LoadImageW.USER32(00000000,?,00000001,00000100,00000100,00000010), ref: 00E1427C
                    • DestroyCursor.USER32(?), ref: 00E142A7
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CursorDestroy$ImageLoad
                    • String ID:
                    • API String ID: 3617843571-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,604EB446,?,00000010,?,00E5F910,00F1E47E), ref: 00E5C9F6
                    • SetFilePointer.KERNEL32(00000000,?,00000010,00000000), ref: 00E5CA3F
                    • ReadFile.KERNEL32(00000000,604EB446,?,00F1E47E,00000000,00000078,?), ref: 00E5CA7D
                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 00E5CAC9
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: File$ChangeCloseCreateFindNotificationPointerRead
                    • String ID:
                    • API String ID: 2405668454-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DE6861
                    • SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 00DE689E
                    • GetSystemMetrics.USER32(00000031), ref: 00DE68AA
                    • GetSystemMetrics.USER32(00000032), ref: 00DE68B4
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: MetricsSystem$MessageRectSendWindow
                    • String ID:
                    • API String ID: 672820984-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindow.USER32(00000000), ref: 00E29AF7
                    • KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 00E29B06
                    • DestroyCursor.USER32(?), ref: 00E29B1B
                    • DeleteObject.GDI32(?), ref: 00E29B30
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: CallbackCursorDeleteDestroyDispatcherObjectUserWindow
                    • String ID:
                    • API String ID: 551386056-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 00E6A189
                    • DestroyWindow.USER32(?), ref: 00E6A198
                    • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 00E6A1B6
                    • IsWindow.USER32(?), ref: 00E6A1C5
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Window$CurrentDestroyMessagePostThread
                    • String ID:
                    • API String ID: 3186974096-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • PathIsUNCW.SHLWAPI(?,?), ref: 00E4A720
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: HeapPathProcess
                    • String ID: \\?\$\\?\UNC\
                    • API String ID: 300331711-3019864461
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindow.USER32(00000000), ref: 00E87FB2
                    • EndDialog.USER32(00000000,00000001), ref: 00E87FC1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: DialogWindow
                    • String ID: {
                    • API String ID: 2634769047-3488486751
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00E07D51
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,-00000010), ref: 00E07E24
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: DirectoryFindHeapLibraryLoadProcessResourceSystem
                    • String ID: Kernel32.dll
                    • API String ID: 2891229163-1926710522
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateThread.KERNEL32(00000000,00000000,Function_000D7A40,00F555A8,00000000,00000000), ref: 00E6A86D
                    • GetLastError.KERNEL32 ref: 00E6A87A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: CreateErrorLastThread
                    • String ID: Py
                    • API String ID: 1689873465-2620734747
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetFilePointer.KERNEL32(?,?,?,00000000,604EB446,?,?), ref: 00E66867
                    • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 00E66974
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: File$PointerRead
                    • String ID:
                    • API String ID: 3154509469-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PathIsUNCW.SHLWAPI(?,604EB446,?,?,7596E010,000000FF,?,00E89967,00000000,.part,00000005,?,?), ref: 00E4A94B
                    • CreateDirectoryW.KERNEL32(00E89967,00000000,?,?,00F497CC,00000001,?), ref: 00E4AA02
                    • GetLastError.KERNEL32 ref: 00E4AA10
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: CreateDirectoryErrorLastPath
                    • String ID:
                    • API String ID: 953296794-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,604EB446,?,?,?,80004005,?,00000000), ref: 00E63E2E
                    • GetLastError.KERNEL32(?,?,?,80004005,?,00000000), ref: 00E63E66
                    • GetLastError.KERNEL32(?,?,?,?,80004005,?,00000000), ref: 00E63EFF
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: ErrorLast$CreateFile
                    • String ID:
                    • API String ID: 1722934493-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E98560: OpenEventW.KERNEL32(00000000,00000000,00000001,_pbl_evt,00000008,?,?,00F50440,00000001,604EB446,00000000), ref: 00E9860E
                      • Part of subcall function 00E98560: CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00E9862B
                    • WaitForSingleObject.KERNEL32(00000000,00000000,00000001,604EB446,?,00000000), ref: 00E97F20
                    • ResetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00F286F9,000000FF), ref: 00E97F35
                    • CreateThread.KERNEL32(00000000,00000000,Function_000308E0,00000000,00000000,00000000), ref: 00E98056
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Event$Create$ObjectOpenResetSingleThreadWait
                    • String ID:
                    • API String ID: 3653215127-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteFileW.KERNEL32(00000000,0000002A,00000000,?,604EB446,00000001), ref: 00E47560
                    • DeleteFileW.KERNEL32(?,?,00000000,0000002A,00000000,?,604EB446,00000001), ref: 00E475F1
                    • FindNextFileW.KERNEL32(?,?), ref: 00E47632
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: File$Delete$FindNext
                    • String ID:
                    • API String ID: 1410743141-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileW.KERNEL32(00E96003,40000000,00000001,00000000,00000002,00000080,00000000,604EB446,00000001), ref: 00E95322
                    • WriteFile.KERNEL32(00000000,?,0000C800,0000C800,00000000), ref: 00E953B8
                    • CloseHandle.KERNEL32(00000000), ref: 00E953EF
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: File$CloseCreateHandleWrite
                    • String ID:
                    • API String ID: 1065093856-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SysFreeString.OLEAUT32(00000000), ref: 00E4D18E
                    • SysAllocStringLen.OLEAUT32(?,?), ref: 00E4D1B5
                    • LocalFree.KERNEL32(0000000A,604EB446,?,?,00000000,00F1A42D,000000FF,?,80070057,604EB446), ref: 00E4D218
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: FreeString$AllocLocal
                    • String ID:
                    • API String ID: 590497809-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowTextLengthW.USER32(?), ref: 00DC9A27
                    • GetWindowTextW.USER32(?,?,00000001), ref: 00DC9A59
                    • DeleteDC.GDI32(?), ref: 00DC9ADF
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: TextWindow$DeleteLength
                    • String ID:
                    • API String ID: 1151112070-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Window$DestroyMessagePostQuit
                    • String ID:
                    • API String ID: 1710835984-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00ED350A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: DirectorySystem
                    • String ID: msi.dll
                    • API String ID: 2188284642-3974507041
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,604EB446), ref: 00E4ADE0
                      • Part of subcall function 00E4AEA0: GetEnvironmentVariableW.KERNEL32(00000000,00000000,00000000,?,?,?,80004005), ref: 00E4AEAD
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: EnvironmentFolderHeapPathProcessSpecialVariable
                    • String ID: USERPROFILE
                    • API String ID: 2976596683-2419442777
                    • Opcode ID: 7cb4154025b7b43f9702dec080798dc6e6bd77d8031e6d283ce21e8d5ef2b3ce
                    • Instruction ID: 69e46e5bff2051fa8d27472d022f7f264e2bc0666e613a11f4bb49af9fa29ed7
                    • Opcode Fuzzy Hash: 7cb4154025b7b43f9702dec080798dc6e6bd77d8031e6d283ce21e8d5ef2b3ce
                    • Instruction Fuzzy Hash: 4F61E071A00649DFDB14DF68D859BAEB7F4FF04324F14826DE916EB291DB309900CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDiskFreeSpaceExW.KERNEL32(?,?,00000000,00000000,604EB446), ref: 00DF13A8
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: DiskFreeSpace
                    • String ID: OutOfDiskSpace
                    • API String ID: 1705453755-45093717
                    • Opcode ID: 2f647b01142ecb6b0165f9945c8ac10316fc69ff83d3d559933aa384cbe756c3
                    • Instruction ID: 30f2902e9e9bfb834bc999c185ccbc73c16ae37b550f2532abf8b722dfad843a
                    • Opcode Fuzzy Hash: 2f647b01142ecb6b0165f9945c8ac10316fc69ff83d3d559933aa384cbe756c3
                    • Instruction Fuzzy Hash: 37518071910658DBCB14DB78CC45BEDF7B8BB48310F14829AE949A7281DF70AA85CFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WriteFile.KERNEL32(?,?,?,?,00000000,604EB446,?,00000010,?,?,00EFF7AE,000000FF), ref: 00E82818
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00E82630: ConnectNamedPipe.KERNEL32(?,00000000,604EB446,?,000000FF,?,00000000,00F25396,000000FF,?,00E8284A,000000FF,?,00000001), ref: 00E8266A
                      • Part of subcall function 00E82630: GetLastError.KERNEL32(?,00E8284A,000000FF,?,00000001), ref: 00E82674
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ConnectErrorFileHeapLastNamedPipeProcessWrite
                    • String ID: \\.\pipe\ToServer
                    • API String ID: 3105902539-63420281
                    • Opcode ID: d457a5cbaf2fe6a160646680e7b381d152bd77b728f89dc0ea1f10185ece602e
                    • Instruction ID: 858ea29ba4d85c4828a237d88a409113b99bec92df5b477bd46dbbbf71b09ebd
                    • Opcode Fuzzy Hash: d457a5cbaf2fe6a160646680e7b381d152bd77b728f89dc0ea1f10185ece602e
                    • Instruction Fuzzy Hash: 9C418171A04604EFDB04DF58D815BAEB7E8EF45724F10415EF919DB390DB75A900CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetTimer.USER32(?,00000001,000001F4,00000000), ref: 00DF1956
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Timer
                    • String ID: CostingComplete
                    • API String ID: 2870079774-4108885746
                    • Opcode ID: be7faf13b05a8ee07328b49919f1225fd388effbbbe7ad7e62df5fab6c1de037
                    • Instruction ID: fe326cf952b9d1f849ec872f1fe531a955e1c23db2c30ce93ce9f08153f67f35
                    • Opcode Fuzzy Hash: be7faf13b05a8ee07328b49919f1225fd388effbbbe7ad7e62df5fab6c1de037
                    • Instruction Fuzzy Hash: C351C075D00348DFDB10CFA4C885BEEBBB4AF04354F18422DE6157B282DB756945CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00DF6991
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LongWindow
                    • String ID: $
                    • API String ID: 1378638983-3993045852
                    • Opcode ID: a8c3049a27ea0cfb33e89a470024769a19a75263ed7e3c3d76cf1027de770b85
                    • Instruction ID: de97d0357cf1ffaf90cbdf601b84749e5b91e64ce0b936cdbe67282ac6375283
                    • Opcode Fuzzy Hash: a8c3049a27ea0cfb33e89a470024769a19a75263ed7e3c3d76cf1027de770b85
                    • Instruction Fuzzy Hash: 13316771104388DFDB149F09C88472ABBF0FB89714F088559FA948B6A5D3B2D944CFA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DF2D50: IsWindow.USER32(?), ref: 00DF2E4A
                    • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00DED191
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CallbackDispatcherUserWindow
                    • String ID: J,
                    • API String ID: 3289301729-3699335152
                    • Opcode ID: 4d0972ec4077e8f109876a91a4b5ca9663619444f1a912dbf363cead659452ab
                    • Instruction ID: dd777cddaab5b52e3c7f91d85269b2bbdca7321a7107c7339333f6a7d50fc1dd
                    • Opcode Fuzzy Hash: 4d0972ec4077e8f109876a91a4b5ca9663619444f1a912dbf363cead659452ab
                    • Instruction Fuzzy Hash: 6B318F30904348DFCB15EBA8C895BEEBBB5EF55304F00845DE4865B292CF356A04DBB2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00EF3815: GetOEMCP.KERNEL32(00000000,00EF3A86,?,?,00EE2D95,00EE2D95,?,?,?), ref: 00EF3840
                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00EF3ACD,?,00000000,?,?,?,?,?,?,00EE2D95), ref: 00EF3CD8
                    • GetCPInfo.KERNEL32(00000000,00EF3ACD,?,?,00EF3ACD,?,00000000,?,?,?,?,?,?,00EE2D95,?,?), ref: 00EF3D1A
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CodeInfoPageValid
                    • String ID:
                    • API String ID: 546120528-0
                    • Opcode ID: b233c2429ab54dba32e7bab680f1c24280558485ae1f69f4b9d9f70095675b93
                    • Instruction ID: c8dde6c2e87143b3a14b0d9737c49928969fc4b6eff3a716988bb069c1029a0b
                    • Opcode Fuzzy Hash: b233c2429ab54dba32e7bab680f1c24280558485ae1f69f4b9d9f70095675b93
                    • Instruction Fuzzy Hash: 0A515570A0034D8EDB259F35C8416FBFBE5EF81304F24506ED296AB292D7769B46CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,000005F9,?,00000000), ref: 00DF76A2
                    • PostMessageW.USER32(?,000005F6,00000000,00000000), ref: 00DF7731
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Message$PostSend
                    • String ID:
                    • API String ID: 2264170824-0
                    • Opcode ID: 932b869bcc4278417c1106dfb349336f73ebe5868727010f9a805fd1b950c43b
                    • Instruction ID: 91a22611fd7e2fbb4e6dd19edab8cc8798639736065c9b8b500121f33c9776cc
                    • Opcode Fuzzy Hash: 932b869bcc4278417c1106dfb349336f73ebe5868727010f9a805fd1b950c43b
                    • Instruction Fuzzy Hash: 9151B1B0D05249DFDB04CF98D984BAEBBB5FF08314F20816AE505AB790D775AA04CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegQueryValueExW.KERNEL32(?,?,00000000,000000C8,00000000,000000C8,000000C8), ref: 00E7403E
                    • RegQueryValueExW.ADVAPI32(?,?,00000000,000000C8,00000000,00000002,00000002,000000C8), ref: 00E74080
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: QueryValue
                    • String ID:
                    • API String ID: 3660427363-0
                    • Opcode ID: 58f7658d316c2af0301088b8b02714734bb44c75e948e73a2faba76f1311a9c4
                    • Instruction ID: 1ed60af538e743c53bd938816cd99576c54728371635fc21254e481e17bf61a1
                    • Opcode Fuzzy Hash: 58f7658d316c2af0301088b8b02714734bb44c75e948e73a2faba76f1311a9c4
                    • Instruction Fuzzy Hash: AA418CB190020AEBDB10EB94DC45BFFB7B8FF15304F10591AE915B7291E774AA04CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00007F90,00007F90,00001388,00000000,?,604EB446,604EB446,?,?,?,00000000,00F25105), ref: 00E81F98
                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,?,604EB446,604EB446,?,?,?,00000000,00F25105,000000FF), ref: 00E81FBA
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Create$FileNamedPipe
                    • String ID:
                    • API String ID: 1328467360-0
                    • Opcode ID: f812161911cc4ac5d55ee49cc8a08ee7c50e3318fe5f191c5a615948d4676f4d
                    • Instruction ID: edf1aecbd5f5dea8033b0d600f36ade2d34c161df5087d89b74a9b371f5b0608
                    • Opcode Fuzzy Hash: f812161911cc4ac5d55ee49cc8a08ee7c50e3318fe5f191c5a615948d4676f4d
                    • Instruction Fuzzy Hash: B431D231A88745AFD7219F14DC01B99BBA8EF05B20F10826EF9A9AB6D0D771A901DB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: DeleteObject
                    • String ID:
                    • API String ID: 1531683806-0
                    • Opcode ID: 672e5bbc7187cbb8e9a15890113f709a059f54e15aae7ed39cdace0dca8d1ba6
                    • Instruction ID: 174700dbec3304d5a6987d65904328fdc4aaf8380c25d2b8d82529d553687c17
                    • Opcode Fuzzy Hash: 672e5bbc7187cbb8e9a15890113f709a059f54e15aae7ed39cdace0dca8d1ba6
                    • Instruction Fuzzy Hash: 6E31DD70A05649DFD710DF69C948B8EFBF8EF02710F1482AEE455E7280DB75AA04DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindow.USER32(00000004), ref: 00DE7C0A
                    • DestroyWindow.USER32(00000004,?,?,?,?,?,?,?,?,000000FF), ref: 00DE7C17
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Destroy
                    • String ID:
                    • API String ID: 3707531092-0
                    • Opcode ID: abde2040aa721b02ba440847ef07412433b6553905cc69b919572f8cbd17b029
                    • Instruction ID: 2730501b50abc1db6c928d881eea70c4a2849ffb06186c9b426e76caf0ea557f
                    • Opcode Fuzzy Hash: abde2040aa721b02ba440847ef07412433b6553905cc69b919572f8cbd17b029
                    • Instruction Fuzzy Hash: F131BF70805789EECB10EF68CA0478EFBF4FF11314F104699D45593691DBB4AB08DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E4DF80: LoadLibraryW.KERNEL32(ComCtl32.dll,604EB446,00000000,?,00000000), ref: 00E4DFBE
                      • Part of subcall function 00E4DF80: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00E4DFE1
                      • Part of subcall function 00E4DF80: FreeLibrary.KERNEL32(00000000), ref: 00E4E05F
                      • Part of subcall function 00E4DF80: GetSystemMetrics.USER32(0000000C), ref: 00E4E01C
                      • Part of subcall function 00E4DF80: GetSystemMetrics.USER32(0000000B), ref: 00E4E032
                      • Part of subcall function 00E4DF80: LoadImageW.USER32(?,?,00000001,00000000,00000000,?), ref: 00E4E041
                    • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00E48D34
                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E48D3F
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LibraryLoadMessageMetricsSendSystem$AddressFreeImageProc
                    • String ID:
                    • API String ID: 852476325-0
                    • Opcode ID: 2520f9469eb1b8b1755b66aacf7cd2d79fabffd93e90a4904d15d06ffa319141
                    • Instruction ID: f2ff1185dc48c7a9afc21eeb29f670aca5a9e992cb561046ea31a26d273d6568
                    • Opcode Fuzzy Hash: 2520f9469eb1b8b1755b66aacf7cd2d79fabffd93e90a4904d15d06ffa319141
                    • Instruction Fuzzy Hash: DCF0A031B8521837F620215A1C03F27B68DD781B64F104266FE89AB2C2ECC23C1402E9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,000005F4,?,00000000), ref: 00DF786A
                    • PostMessageW.USER32(?,000005F8,00000000,00000000), ref: 00DF7882
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Message$PostSend
                    • String ID:
                    • API String ID: 2264170824-0
                    • Opcode ID: 4afeafc4b1116863fd32a2c04c293d52c9b43e82ab0fddc34adb87b68d26822c
                    • Instruction ID: 1239e02cfe73a507aa0be71c805384f30809647fb5d45a7cb0a0bdfcfac095ae
                    • Opcode Fuzzy Hash: 4afeafc4b1116863fd32a2c04c293d52c9b43e82ab0fddc34adb87b68d26822c
                    • Instruction Fuzzy Hash: D6F09032280611FFCA249F08DD49FA6BBAAFB45756F11001AF211A70A0CB60A954DBB5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LCMapStringEx.KERNEL32(?,00EEFD6A,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00EF0E3C
                    • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00EEFD6A,?,?,00000000,?,00000000), ref: 00EF0E5A
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: String
                    • String ID:
                    • API String ID: 2568140703-0
                    • Opcode ID: 1e2eaf93da8e4e05341c9f0eb2501a86c725cda2c521a79cd99badb3dd5cc011
                    • Instruction ID: e5d23a374269d4951dd293b6f1622567d0cf910aa32c109e99e2ab91cfd1fa56
                    • Opcode Fuzzy Hash: 1e2eaf93da8e4e05341c9f0eb2501a86c725cda2c521a79cd99badb3dd5cc011
                    • Instruction Fuzzy Hash: DEF0683650025EBBCF226F91DC059EE3E66AB483A0F058410BA1825022C732D871AB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlFreeHeap.NTDLL(00000000,00000000,?,00EF2C45,?,00000000,?,?,?,00EF2EE8,?,00000007,?,?,00EF3581,?), ref: 00EEE94E
                    • GetLastError.KERNEL32(?,?,00EF2C45,?,00000000,?,?,?,00EF2EE8,?,00000007,?,?,00EF3581,?,?), ref: 00EEE960
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 485612231-0
                    • Opcode ID: 7fbf2cb2e1444b569ddc552c5ec2b0f8507a5152d1fdc1d1cacefe16578ff7c9
                    • Instruction ID: a52d633263411b72b6e82d2d381d0b96d7ff4a7417c1562bec75d516eeac96c3
                    • Opcode Fuzzy Hash: 7fbf2cb2e1444b569ddc552c5ec2b0f8507a5152d1fdc1d1cacefe16578ff7c9
                    • Instruction Fuzzy Hash: 15E0867100434CA7CB306FF6EC097597BDDAB40364F104429F608A5161D73194809744
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetWindowTextW.USER32(00000000,?), ref: 00E25E3A
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00E25E4A
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: InvalidateRectTextWindow
                    • String ID:
                    • API String ID: 1256419848-0
                    • Opcode ID: f8b34fa10e83032ab3e7c3c528380956354173f516c297613a117d87c826dcad
                    • Instruction ID: 3b9e31e9fd0d48673b4f9df17301f251523d9d25d554fbd41f0e824077cbd420
                    • Opcode Fuzzy Hash: f8b34fa10e83032ab3e7c3c528380956354173f516c297613a117d87c826dcad
                    • Instruction Fuzzy Hash: 02E08C32210210EBD7148F24EC4CFA677A6EF05305F11442DF145DA0B0CBB19C40CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E3507A
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E3509F
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CloseHandle
                    • String ID:
                    • API String ID: 2962429428-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLastError.KERNEL32(?,?,?,00EE2AAE,00EEFBDF,?,00EE57C9,?,00000004,?,?,?,?,00EEDD22,?,?), ref: 00EEE842
                    • SetLastError.KERNEL32(00000000,00000002,000000FF,?,00EE57C9,?,00000004,?,?,?,?,00EEDD22,?,?,00000004,?), ref: 00EEE8E0
                    Similarity
                    • API ID: ErrorLast
                    • String ID:
                    • API String ID: 1452528299-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DE5FFA
                    Similarity
                    • API ID: RectWindow
                    • String ID:
                    • API String ID: 861336768-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • KiUserCallbackDispatcher.NTDLL ref: 00DF0728
                    Similarity
                    • API ID: CallbackDispatcherUser
                    • String ID:
                    • API String ID: 2492992576-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnumResourceLanguagesW.KERNEL32(?,00000010,00000001,00E69D70,?), ref: 00E69BDB
                    Similarity
                    • API ID: EnumLanguagesResource
                    • String ID:
                    • API String ID: 4141015960-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,000000B0,00000000,?), ref: 00E16A56
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DC9A20: GetWindowTextLengthW.USER32(?), ref: 00DC9A27
                      • Part of subcall function 00DC9A20: GetWindowTextW.USER32(?,?,00000001), ref: 00DC9A59
                    Similarity
                    • API ID: TextWindow$HeapLengthMessageProcessSend
                    • String ID:
                    • API String ID: 197532015-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteFileW.KERNEL32(?,00000000,00000000,?,00000000,80004005,?,?,?,604EB446), ref: 00E687DB
                    Similarity
                    • API ID: DeleteFile
                    • String ID:
                    • API String ID: 4033686569-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCPInfo.KERNEL32(E8458D00,?,?,?,00000000), ref: 00EF391D
                    Similarity
                    • API ID: Info
                    • String ID:
                    • API String ID: 1807457897-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E723F0: RegOpenKeyExW.KERNEL32(00000000,604EB446,00000000,00020019,00000002,604EB446,00000001,00000010,00000002,00E7172C,604EB446,00000000,?), ref: 00E7248C
                      • Part of subcall function 00E73FD0: RegQueryValueExW.KERNEL32(?,?,00000000,000000C8,00000000,000000C8,000000C8), ref: 00E7403E
                      • Part of subcall function 00E73FD0: RegQueryValueExW.ADVAPI32(?,?,00000000,000000C8,00000000,00000002,00000002,000000C8), ref: 00E74080
                    • RegCloseKey.ADVAPI32(00000000), ref: 00E72916
                    Similarity
                    • API ID: QueryValue$CloseOpen
                    • String ID:
                    • API String ID: 1586453840-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E474F0: DeleteFileW.KERNEL32(00000000,0000002A,00000000,?,604EB446,00000001), ref: 00E47560
                    • RemoveDirectoryW.KERNEL32(00000000,00E4D055,604EB446,00000001,?,00E4D055,00000000,00F19353,000000FF,?,?,604EB446,00000001,?), ref: 00E472BE
                    Similarity
                    • API ID: DeleteDirectoryFileRemove
                    • String ID:
                    • API String ID: 3325800564-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DE677E
                      • Part of subcall function 00DE5C50: GetWindowLongW.USER32(?,000000EC), ref: 00DE5C7B
                      • Part of subcall function 00DE5C50: GetWindowRect.USER32(?,?), ref: 00DE5C9A
                      • Part of subcall function 00DE5C50: OffsetRect.USER32(?,?,00000000), ref: 00DE5CAC
                    Similarity
                    • API ID: RectWindow$LongOffset
                    • String ID:
                    • API String ID: 2358126260-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegOpenKeyExW.KERNEL32(00000000,604EB446,00000000,00020019,00000002,604EB446,00000001,00000010,00000002,00E7172C,604EB446,00000000,?), ref: 00E7248C
                    Similarity
                    • API ID: Open
                    • String ID:
                    • API String ID: 71445658-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetActiveWindow.USER32 ref: 00DF90B5
                      • Part of subcall function 00DECA00: EnterCriticalSection.KERNEL32(00F9D5C4), ref: 00DECAA7
                      • Part of subcall function 00DECA00: GetCurrentThreadId.KERNEL32 ref: 00DECABA
                      • Part of subcall function 00DECA00: LeaveCriticalSection.KERNEL32(?), ref: 00DECB33
                    Similarity
                    • API ID: CriticalSection$ActiveCurrentEnterLeaveThreadWindow
                    • String ID:
                    • API String ID: 3963853348-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: DeleteObject
                    • String ID:
                    • API String ID: 1531683806-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: CursorDestroy
                    • String ID:
                    • API String ID: 1272848555-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00EE029A: RaiseException.KERNEL32(E06D7363,00000001,00000003,604EB446,?,?,80004005,604EB446), ref: 00EE02FA
                    • RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    Similarity
                    • API ID: AllocateExceptionHeapRaise
                    • String ID:
                    • API String ID: 3789339297-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00EEFBC1,?,00000000,?,00EE57C9,?,00000004,?,?,?,?,00EEDD22), ref: 00EEE9A4
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(00000000), ref: 00E2C5A9
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(00000000), ref: 00E2C54B
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(00000000), ref: 00E2C51D
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShowWindow.USER32(?,00000000), ref: 00DE83E2
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: ShowWindow
                    • String ID:
                    • API String ID: 1268545403-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PostMessageW.USER32(?,000005F7,?,00000000), ref: 00DF7C7E
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: MessagePost
                    • String ID:
                    • API String ID: 410705778-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00DE83B9
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: CallbackDispatcherUser
                    • String ID:
                    • API String ID: 2492992576-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?,604EB446,00000000,?,00000000,00F25153,000000FF,?,00E6103B,?,00000000,00000000), ref: 00E82049
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: CloseHandle
                    • String ID:
                    • API String ID: 2962429428-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: CloseHandle
                    • String ID: 100$10000$100000$12000$120000$1500$15000$1500000$1800$2000$20000$200000$3000$30000$3000000$500$5000$6000$800$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$AppSearch$BindImage$Complus$Component$Component_$CostFinalize$CostInitialize$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature_$File$FileCost$FileSize$Font$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$InstallValidate$Location$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$MsiUnpublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Patch$PatchFiles$PatchSize$ProcessComponents$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveExistingProducts$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveODBC$RemoveRegistry$RemoveRegistryValues$RemoveShortcuts$SelfReg$SelfRegModules$SelfUnregModules$ServiceControl$ServiceInstall$Shortcut$StartServices$StopServices$TypeLib$UnpublishComponents$UnpublishFeatures$UnregisterClassInfo$UnregisterComPlus$UnregisterExtensionInfo$UnregisterFonts$UnregisterMIMEInfo$UnregisterProgIdInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                    • API String ID: 2962429428-2910470256
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00DC80A8
                    • GetWindowLongW.USER32(?,000000EB), ref: 00DC811B
                    • ShowWindow.USER32(00000000,?), ref: 00DC813A
                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00DC8148
                    • GetWindowRect.USER32(00000000,?), ref: 00DC815F
                    • ShowWindow.USER32(00000000,?), ref: 00DC8180
                    • SetWindowLongW.USER32(?,000000EB,?), ref: 00DC8197
                      • Part of subcall function 00DC2000: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00EDB848,C000008C,00000001,?,00EDB879,00000000,?,00DB9067,00000000,604EB446,000000FF,?), ref: 00DC200C
                    • GetClientRect.USER32(?,?), ref: 00DC8258
                    • ShowWindow.USER32(?,?), ref: 00DC82E3
                    • GetWindowLongW.USER32(?,000000EB), ref: 00DC8311
                    • ShowWindow.USER32(?,?), ref: 00DC832E
                    • GetWindowRect.USER32(?,?), ref: 00DC8353
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Window$LongRectShow$Client$ExceptionRaise
                    • String ID:
                    • API String ID: 3804784045-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DBEC80: EnterCriticalSection.KERNEL32(00F9D7FC,604EB446,00000000,?,?,?,?,?,?,00DBE4E0,00EFFACD,000000FF), ref: 00DBECBD
                      • Part of subcall function 00DBEC80: LoadCursorW.USER32(00000000,00007F00), ref: 00DBED38
                      • Part of subcall function 00DBEC80: LoadCursorW.USER32(00000000,00007F00), ref: 00DBEDDE
                    • SysFreeString.OLEAUT32(00000000), ref: 00DBE8C3
                    • SysAllocString.OLEAUT32(00000000), ref: 00DBE8F4
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DBE9CB
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DBE9DB
                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DBE9E6
                    • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00DBE9F4
                    • GetWindowLongW.USER32(?,000000EB), ref: 00DBEA02
                    • GetWindowTextLengthW.USER32(?), ref: 00DBEA26
                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00DBEA95
                    • SetWindowTextW.USER32(?,00F42988), ref: 00DBEAA1
                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00DBEAD8
                    • GlobalLock.KERNEL32(00000000), ref: 00DBEAE6
                    • GlobalUnlock.KERNEL32(?), ref: 00DBEB0A
                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00DBEB91
                    • SysFreeString.OLEAUT32(00000000), ref: 00DBEBA6
                    • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00DBEBED
                    • SysFreeString.OLEAUT32(00000000), ref: 00DBEC15
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Window$Long$String$FreeGlobalText$AllocCursorLoadNtdllProc_$CriticalEnterLengthLockSectionUnlock
                    • String ID:
                    • API String ID: 4180494407-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,604EB446), ref: 00DDAC4F
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00DDAD9C
                    • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00DDADB0
                    • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 00DDADC5
                    • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00DDADDA
                    • GetWindowTextLengthW.USER32(?), ref: 00DDADE1
                    • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00DDADF1
                    • ClientToScreen.USER32(?,?), ref: 00DDAE11
                    • GetWindowRect.USER32(?,?), ref: 00DDAE23
                    • PtInRect.USER32(?,?,?), ref: 00DDAE33
                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00DDAE85
                    • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00DDAE95
                    • SetTimer.USER32(?,?,00001388,00000000), ref: 00DDAEAC
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: MessageSend$Window$Rect$ClientCreateLengthLongScreenTextTimer
                    • String ID: tooltips_class32
                    • API String ID: 3976673834-1918224756
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00DF33B4
                    • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00DF33C4
                    • SendMessageW.USER32(00000000,00000421,00000000,?), ref: 00DF33D9
                    • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00DF33EA
                    • GetWindowTextLengthW.USER32(?), ref: 00DF33ED
                    • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00DF33FD
                    • ClientToScreen.USER32(?,?), ref: 00DF3419
                    • GetWindowRect.USER32(?,?), ref: 00DF342B
                    • PtInRect.USER32(?,?,?), ref: 00DF343B
                      • Part of subcall function 00DF45F0: CreateWindowExW.USER32(?,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DF464F
                      • Part of subcall function 00DF45F0: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,00DF357C,00000000,604EB446,?,?), ref: 00DF4668
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00DF348D
                    • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00DF349D
                    • SetTimer.USER32(FFFFFFFF,?,00001388,00000000), ref: 00DF34B3
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: MessageSend$Window$Rect$ClientCreateLengthLongScreenTextTimer
                    • String ID: ,
                    • API String ID: 3976673834-3772416878
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(80004005,000000EC), ref: 00DBE35B
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DBE36B
                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DBE376
                    • NtdllDefWindowProc_W.NTDLL(?,?,00000001,80004005), ref: 00DBE384
                    • GetWindowLongW.USER32(?,000000EB), ref: 00DBE392
                    • GetWindowTextLengthW.USER32(?), ref: 00DBE3B6
                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00DBE425
                    • SetWindowTextW.USER32(?,00F42988), ref: 00DBE431
                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00DBE468
                    • GlobalLock.KERNEL32(00000000), ref: 00DBE476
                    • GlobalUnlock.KERNEL32(?), ref: 00DBE49A
                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00DBE4FF
                    • NtdllDefWindowProc_W.NTDLL(?,?,00000000,00000000), ref: 00DBE54D
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Window$Long$GlobalText$NtdllProc_$AllocLengthLockUnlock
                    • String ID:
                    • API String ID: 2673961051-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 00E2C17B
                    • GetParent.USER32(00000000), ref: 00E2C1CE
                    • GetWindowRect.USER32(00000000), ref: 00E2C1D1
                    • GetParent.USER32(00000000), ref: 00E2C1E0
                    • GetDC.USER32(00000000), ref: 00E2C1E3
                    • CreateCompatibleDC.GDI32(00000000), ref: 00E2C210
                    • CreateCompatibleBitmap.GDI32(00000000), ref: 00E2C24F
                    • SelectObject.GDI32(?,00000000), ref: 00E2C260
                    • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00E2C276
                      • Part of subcall function 00DE2980: IsWindowVisible.USER32(?), ref: 00DE2A28
                      • Part of subcall function 00DE2980: GetWindowRect.USER32(?,?), ref: 00DE2A40
                      • Part of subcall function 00DE2980: GetWindowRect.USER32(?,?), ref: 00DE2A58
                      • Part of subcall function 00DE2980: IntersectRect.USER32(?,?,?), ref: 00DE2A75
                      • Part of subcall function 00DE2980: EqualRect.USER32(?,?), ref: 00DE2A85
                      • Part of subcall function 00DE2980: GetSysColorBrush.USER32(0000000F), ref: 00DE2A9C
                    • FillRect.USER32(?,?,00000000), ref: 00E2C28C
                    • DeleteDC.GDI32(?), ref: 00E2C2AC
                    • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 00E2C2D0
                    • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 00E2C2E3
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Rect$Window$MessageSend$CompatibleCreateParent$BitmapBrushColorDeleteEqualFillIntersectObjectPointsSelectVisible
                    • String ID:
                    • API String ID: 2161025992-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DF25F7
                    • GetClientRect.USER32(00000000,00000000), ref: 00DF261E
                    • GetParent.USER32(?), ref: 00DF262D
                    • SetWindowLongW.USER32(?,000000EB,?), ref: 00DF264F
                    • ShowWindow.USER32(00000000,00000000), ref: 00DF2665
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    Similarity
                    • API ID: Window$Long$ClientParentRectShow
                    • String ID: Back$Cancel$Finish$Install$Next
                    • API String ID: 3785231025-735863087
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E2B850: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8BB
                      • Part of subcall function 00E2B850: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8CC
                      • Part of subcall function 00E2B850: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E2B8EB
                    • GetWindowLongW.USER32(?,000000FC), ref: 00E02981
                    • SetWindowLongW.USER32(?,000000FC,?), ref: 00E0298F
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E029DB
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00E02AA6
                    • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00E02AB7
                    • SendMessageW.USER32(?), ref: 00E02AF4
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E02B03
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E02B10
                    • GetDC.USER32(?), ref: 00E03F23
                      • Part of subcall function 00E33890: GetLastError.KERNEL32(604EB446,?,00000000), ref: 00E338FD
                    • GetSysColor.USER32(00000005), ref: 00E03F40
                      • Part of subcall function 00E33920: CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 00E33982
                      • Part of subcall function 00E33920: CreateCompatibleDC.GDI32(?), ref: 00E339BD
                      • Part of subcall function 00E33920: DeleteDC.GDI32(?), ref: 00E33C5B
                      • Part of subcall function 00E33920: DeleteObject.GDI32(00000000), ref: 00E33C71
                    • ReleaseDC.USER32(?,?), ref: 00E03F65
                      • Part of subcall function 00E06460: SendMessageW.USER32(?,00001109,00000000,?), ref: 00E06497
                      • Part of subcall function 00E04290: FreeLibrary.KERNEL32(?,604EB446,-000002D8), ref: 00E042DA
                    Similarity
                    • API ID: MessageSendWindow$CompatibleCreateDeleteLongRedraw$AllocateBitmapColorErrorFreeHeapLastLibraryObjectRelease
                    • String ID:
                    • API String ID: 3759377856-0
                    • Opcode ID: 1575b4c36cb2961f0755e399197658d74426293e625baa448a8332ff8aeda287
                    • Instruction ID: be0c0c7fdcad22414e7c55723449d6451044ae2793c6430b931991cb570a22c0
                    • Opcode Fuzzy Hash: 1575b4c36cb2961f0755e399197658d74426293e625baa448a8332ff8aeda287
                    • Instruction Fuzzy Hash: 3BD19F71A00219AFDB04DF68CC49FADBBF5FF48700F10415AF516AB2A0DB71A914DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindowVisible.USER32(?), ref: 00DE2A28
                    • GetWindowRect.USER32(?,?), ref: 00DE2A40
                    • GetWindowRect.USER32(?,?), ref: 00DE2A58
                    • IntersectRect.USER32(?,?,?), ref: 00DE2A75
                    • EqualRect.USER32(?,?), ref: 00DE2A85
                    • GetSysColorBrush.USER32(0000000F), ref: 00DE2A9C
                    • GetWindowRect.USER32(?,?), ref: 00DE2AC5
                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00DE2ADA
                    • GetWindowLongW.USER32(?,000000EC), ref: 00DE2AEC
                    • SetBrushOrgEx.GDI32(?,?,?,00000000), ref: 00DE2B0A
                    Similarity
                    • API ID: Window$Rect$Brush$ColorEqualIntersectLongPointsVisible
                    • String ID:
                    • API String ID: 2158939716-0
                    • Opcode ID: cc86f08c8e7cb5373b63e173ac0a9af5cb95032a5f3d2954c8a6e60472e7fb5c
                    • Instruction ID: 5352ba7707b9b0edea639724e418a20019db1897c34695d1117431fe001fde71
                    • Opcode Fuzzy Hash: cc86f08c8e7cb5373b63e173ac0a9af5cb95032a5f3d2954c8a6e60472e7fb5c
                    • Instruction Fuzzy Hash: A95179326083458FC750DF66DD84A6BB7E8FF99704F18462EF98997211E730E944CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 00E80346
                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00E80450
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    • GetEnvironmentVariableW.KERNEL32(UserDomain,?,00000064), ref: 00E805D1
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    Strings
                    Similarity
                    • API ID: CriticalHeapSection$AllocateCloseEnterEnvironmentFindLeaveProcessQueryResourceValueVariable
                    • String ID: .job$Software\Microsoft\Windows\CurrentVersion\Run$UserDomain$\/:*?"<>|
                    • API String ID: 1056644821-1682416907
                    • Opcode ID: 9e3f2dccf71b8d93361ee4f31120c795c9e9a5d701f8cc0bc76788395a4e9dc2
                    • Instruction ID: 19e827cc543a5c054dadb05ffb5a41d2eeb5f3ed7cedeeb6d4f516c4b192ef90
                    • Opcode Fuzzy Hash: 9e3f2dccf71b8d93361ee4f31120c795c9e9a5d701f8cc0bc76788395a4e9dc2
                    • Instruction Fuzzy Hash: B8022531A00605DFDB54EF68CD49BAEF7E5FF44314F10462DE919AB291DBB1A904CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentProcessId.KERNEL32(604EB446,?,00000000), ref: 00E5A1C4
                    • GetCurrentProcessId.KERNEL32 ref: 00E5A1F6
                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00E5A1FE
                    • CloseHandle.KERNEL32(00000000), ref: 00E5A230
                    • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00E5A26D
                    • Process32NextW.KERNEL32(00000000,0000022C), ref: 00E5A290
                    • CloseHandle.KERNEL32(00000000), ref: 00E5A2AC
                    • CloseHandle.KERNEL32(00000000), ref: 00E5A2DA
                    Similarity
                    • API ID: CloseHandle$CurrentProcessProcess32$CreateFirstNextSnapshotToolhelp32
                    • String ID:
                    • API String ID: 2569189622-0
                    • Opcode ID: 091eada6aa8196d3810d9068db9d3190cc3388b76aba15c05cc8ff172ae79b54
                    • Instruction ID: e158c435964ad7e00469cca328aca346ae50600a19117c68a916ef7c3e6eab15
                    • Opcode Fuzzy Hash: 091eada6aa8196d3810d9068db9d3190cc3388b76aba15c05cc8ff172ae79b54
                    • Instruction Fuzzy Hash: CA51B0B1905219DBDB30EF54DD49BAEB7B8FB04725F1406AAEC09A7290DB709E84CF41
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: EmptyRect
                    • String ID: /$/$>
                    • API String ID: 2270935405-1615678632
                    • Opcode ID: ef0db08f557aeeb45cb173a13d93c9cd341e52683c5cb237cc53c0eb242ec1bd
                    • Instruction ID: b626f3dcda003fe1fb299cbc2033696ab3db684b5857a03f68e5f7d778f4c96d
                    • Opcode Fuzzy Hash: ef0db08f557aeeb45cb173a13d93c9cd341e52683c5cb237cc53c0eb242ec1bd
                    • Instruction Fuzzy Hash: BE4133B0506B86DFD724CF69C95438AFBF0BF0A328F10428DC4A98B691D3B56509EF95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(00000000,000000FC), ref: 00E0CC30
                    • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00E0CC48
                    • GetWindowLongW.USER32(00000000,000000FC), ref: 00E0CC80
                    • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00E0CC98
                    Similarity
                    • API ID: LongWindow
                    • String ID:
                    • API String ID: 1378638983-0
                    • Opcode ID: a359284577356197e643a64ebb2f1d585965e5cb5ea1e57d1ee545520501a001
                    • Instruction ID: dda2aeb5a46d7da939280d516da1c324f2b4af78c5737b94f4488ce2ea734df7
                    • Opcode Fuzzy Hash: a359284577356197e643a64ebb2f1d585965e5cb5ea1e57d1ee545520501a001
                    • Instruction Fuzzy Hash: 6841BC70A0864AEBDB05DF78C989BC9FFA4FB05314F20835AE428A3391DB755A14DBD0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • KillTimer.USER32(00000003,00000001,604EB446,?,?,?,?,00F01C04,000000FF), ref: 00DCADA1
                    • GetWindowLongW.USER32(00000003,000000FC), ref: 00DCADB6
                    • SetWindowLongW.USER32(00000003,000000FC,?), ref: 00DCADC8
                    • DeleteCriticalSection.KERNEL32(?,604EB446,?,?,?,?,00F01C04,000000FF), ref: 00DCADF3
                    Similarity
                    • API ID: LongWindow$CriticalDeleteKillSectionTimer
                    • String ID:
                    • API String ID: 1032004442-0
                    • Opcode ID: 7cff4937379f35c7a077003ea2e956ad302932625460646909a7980900985706
                    • Instruction ID: 4dac0957b1f47a7f2e8582c3f63d1298112d0edf1ce42fed3167993d7c530787
                    • Opcode Fuzzy Hash: 7cff4937379f35c7a077003ea2e956ad302932625460646909a7980900985706
                    • Instruction Fuzzy Hash: 8C31CE71A0424AEBCB10DF68CD04B8ABBA8FF05314F14425AF824A76D1E775E914DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00EDE430,00F38E7C), ref: 00EDE315
                    • UnhandledExceptionFilter.KERNEL32(00EDE430,?,00EDE430,00F38E7C), ref: 00EDE31E
                    • GetCurrentProcess.KERNEL32(C0000409,?,00EDE430,00F38E7C), ref: 00EDE329
                    • TerminateProcess.KERNEL32(00000000,?,00EDE430,00F38E7C), ref: 00EDE330
                    Similarity
                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                    • String ID:
                    • API String ID: 3231755760-0
                    • Opcode ID: 278a427319f63a49cb4411ba673d5aec0aa914b3f65c902182508add574cd766
                    • Instruction ID: c703d028f86ddb067b31dfff124df67479b9770bf36a4371dad845f52eac760b
                    • Opcode Fuzzy Hash: 278a427319f63a49cb4411ba673d5aec0aa914b3f65c902182508add574cd766
                    • Instruction Fuzzy Hash: 47D012B200830CABCB203FE2EC0CA1E3F2AFB08332F084000F30A82020CB318400AF61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FindFirstFileW.KERNEL32(?,?,00000000,?), ref: 00E7210C
                    • FindClose.KERNEL32(00000000), ref: 00E72257
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    Strings
                    Similarity
                    • API ID: Find$AllocateCloseFileFirstHeap
                    • String ID: %d.%d.%d.%d
                    • API String ID: 1673784098-3491811756
                    • Opcode ID: 5027609c5295a54b90d2cb8c5d008a6de0c4ffb4f5c547c4101f651242e5802e
                    • Instruction ID: 1c6792b476b575c532a310ac10e22a9bb19aebed77a296b934e8bd13b1f8dcbc
                    • Opcode Fuzzy Hash: 5027609c5295a54b90d2cb8c5d008a6de0c4ffb4f5c547c4101f651242e5802e
                    • Instruction Fuzzy Hash: 99617C71905259DFDB20DF68CC48B9DBBB4EF05314F108299E919AB2A1DB329E84CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID: CloseHandle
                    • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                    • API String ID: 2962429428-932585912
                    • Opcode ID: afd3f9c3ca96cd30c63ea2d5c0d897360a2fa7528e147df7f4b09942691b5888
                    • Instruction ID: a4044406728ee5c32e216accd9cb338f7cd17e8651197ce24f798c38358aec82
                    • Opcode Fuzzy Hash: afd3f9c3ca96cd30c63ea2d5c0d897360a2fa7528e147df7f4b09942691b5888
                    • Instruction Fuzzy Hash: BCD19D70D01258DFEB04CFA9C845BADBBF1EF85304F108169E455AB285DB78AA09CBB1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(?,000000FC), ref: 00E2A5F0
                    • SetWindowLongW.USER32(?,000000FC,?), ref: 00E2A5FE
                    Strings
                    Similarity
                    • API ID: LongWindow
                    • String ID: /
                    • API String ID: 1378638983-3878498614
                    • Opcode ID: 2b22474accc30063684a5d9fe0d2c892482395014fe7064f0cb99374afb004c9
                    • Instruction ID: b4ad4f41b16e8e8bc40906211630daa8db803f81ea642a19d3205baf2b0c62b1
                    • Opcode Fuzzy Hash: 2b22474accc30063684a5d9fe0d2c892482395014fe7064f0cb99374afb004c9
                    • Instruction Fuzzy Hash: 0E21BA71804788EFCB10EF69D905B8ABFF4FF08320F14462AE455A37A1D772AA04DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00EE291B
                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00EE2925
                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00EE2932
                    Similarity
                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                    • String ID:
                    • API String ID: 3906539128-0
                    • Opcode ID: eebd9344067b58d5da0423702b074fc20cfd1cf86730489ea8e719ae50004595
                    • Instruction ID: 24801eb90620482ec61026dccc87d552013267756b54b5cc19068db950f16809
                    • Opcode Fuzzy Hash: eebd9344067b58d5da0423702b074fc20cfd1cf86730489ea8e719ae50004595
                    • Instruction Fuzzy Hash: 0131B17590122D9BCB21EF69DD89789BBF8EF08310F5051EAE41CA6261E7709F818F44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadResource.KERNEL32(00000000,00000000,604EB446,00000001,00000000,?,00000000,00EFDF50,000000FF,?,00DB909C,00000000,?,?,\\.\pipe\ToServer,00EFE370), ref: 00DB911B
                    • LockResource.KERNEL32(00000000,?,00DB909C,00000000,?,?,\\.\pipe\ToServer,00EFE370,000000FF,?,00DB9240,?,000000FF,?,00E828EB,\\.\pipe\ToServer), ref: 00DB9126
                    • SizeofResource.KERNEL32(00000000,00000000,?,00DB909C,00000000,?,?,\\.\pipe\ToServer,00EFE370,000000FF,?,00DB9240,?,000000FF,?,00E828EB), ref: 00DB9134
                    Similarity
                    • API ID: Resource$LoadLockSizeof
                    • String ID:
                    • API String ID: 2853612939-0
                    • Opcode ID: b5dbc889c92d6d3ceb56e9d47f37e4c9a1b08570a08f082badf6751ee7124707
                    • Instruction ID: 04c1dd9fd29aac4c7779f541eea704f6da630d8c4ff3b5abb256abe7d733e223
                    • Opcode Fuzzy Hash: b5dbc889c92d6d3ceb56e9d47f37e4c9a1b08570a08f082badf6751ee7124707
                    • Instruction Fuzzy Hash: DE11E2B2A0475AABC7359F1CDC48AA6F7E8E748760F00052AF92B83250E735980096A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(?,000000FC), ref: 00DC0D19
                    • SetWindowLongW.USER32(?,000000FC,?), ref: 00DC0D27
                    • DestroyWindow.USER32(?,?,?,?,?,?,80004003,?,00000001,?,?,00000001,?,?,00F42A20), ref: 00DC0D53
                    Similarity
                    • API ID: Window$Long$Destroy
                    • String ID:
                    • API String ID: 3055081903-0
                    • Opcode ID: c76e96cc94e6944b070b848c01b276a53873e04082e4d2b5084a74f76bb6a8c7
                    • Instruction ID: 1d7334ab97a27ac7137509176b0054e61c078fe3c9ca2ed5d57126ff7f4c69cd
                    • Opcode Fuzzy Hash: c76e96cc94e6944b070b848c01b276a53873e04082e4d2b5084a74f76bb6a8c7
                    • Instruction Fuzzy Hash: 55F01730004B15DBDB615B68EE05F82BFE1BF05721F044B1EE8AB929F0DB71A844AB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Similarity
                    • API ID: HeapProcess
                    • String ID:
                    • API String ID: 54951025-0
                    • Opcode ID: f506b52a676e99c35f8d5f273aba884ea4160797926b7e082600db4efab59b62
                    • Instruction ID: c91e05ea07d31faf5d3e0ef1568dc7e8ca259fea7b1b66476712989e6e518344
                    • Opcode Fuzzy Hash: f506b52a676e99c35f8d5f273aba884ea4160797926b7e082600db4efab59b62
                    • Instruction Fuzzy Hash: 45E1A170A4064ADFDB14DFA8C988BAEBBF0FF44314F148269E525FB291DB74A905CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: DeleteObject
                    • String ID:
                    • API String ID: 1531683806-0
                    • Opcode ID: 2587f6865ef946c58128a7ead2537ab9773dae899d78ea852ead4d2c696591e6
                    • Instruction ID: cc0f832163352cd99932d2d8030f2a019ea78dd4e2d341f29e643e70c713ad10
                    • Opcode Fuzzy Hash: 2587f6865ef946c58128a7ead2537ab9773dae899d78ea852ead4d2c696591e6
                    • Instruction Fuzzy Hash: F3C11675A016458FCB18DF5AC490AAAB7F6FF88714F29815DE816AB394D730ED00CFA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(00000000,000000FC), ref: 00DE862F
                    • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00DE863D
                    Similarity
                    • API ID: LongWindow
                    • String ID:
                    • API String ID: 1378638983-0
                    • Opcode ID: 814698e6ecba124705ff06cfb7b98714cc0f207fa26e90449fbb865c45d05a1e
                    • Instruction ID: dd42fe11240ba97ce1c3cab7782836b078e8afa55ced2704a250892342ccba88
                    • Opcode Fuzzy Hash: 814698e6ecba124705ff06cfb7b98714cc0f207fa26e90449fbb865c45d05a1e
                    • Instruction Fuzzy Hash: 23318C71904649EFCB10EF6AC944B99FBB4FF05320F14426AE428A76E0DB31A910DBE0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FindFirstFileW.KERNEL32(00000000,?,604EB446,?,00000000,00000000,00000000,00F226AD,000000FF), ref: 00E74A48
                    • FindClose.KERNEL32(00000000,?,604EB446,?,00000000,00000000,00000000,00F226AD,000000FF), ref: 00E74A92
                    Similarity
                    • API ID: Find$CloseFileFirst
                    • String ID:
                    • API String ID: 2295610775-0
                    • Opcode ID: b3e18383d878375537802b1656c23733a0fdfc1b59ea31652476198f2db0743e
                    • Instruction ID: e8f8e586cbd929398c7c7c7771faf7e8984c05bd8ab353f2da980b3982ec8a38
                    • Opcode Fuzzy Hash: b3e18383d878375537802b1656c23733a0fdfc1b59ea31652476198f2db0743e
                    • Instruction Fuzzy Hash: 6121A7729006499FD720EF68DD49B9EBBB4FF44724F10425AF825A72D0E7745A04CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetTimeZoneInformation.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,00EF059B,?,?,00000000), ref: 00EF03EC
                    Similarity
                    • API ID: InformationTimeZone
                    • String ID:
                    • API String ID: 565725191-0
                    • Opcode ID: 460eb09e1756003ed7753bbf8a02277bc17b842e3bb45d2bb554b99809037058
                    • Instruction ID: d7e62408d7ec245672babec81c7ef4a16e2c395b3c3fa16bda5d498f30965d6b
                    • Opcode Fuzzy Hash: 460eb09e1756003ed7753bbf8a02277bc17b842e3bb45d2bb554b99809037058
                    • Instruction Fuzzy Hash: 1AA11771A0021DABDB20AF65DD42ABE7BF8EF45714F10506AFA04BB292E771DD40D790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00EF1254,?,?,00000008,?,?,00EFC388,00000000), ref: 00EF1486
                    Similarity
                    • API ID: ExceptionRaise
                    • String ID:
                    • API String ID: 3997070919-0
                    • Opcode ID: 58acd6b736786d80b0858a918eae277e81b7fe6ef17527c10c8c6a1519ba1e9f
                    • Instruction ID: 27ab78cb0ecd31a40aaf142e6e947361a1831ff6d0067b12f68861606f961a01
                    • Opcode Fuzzy Hash: 58acd6b736786d80b0858a918eae277e81b7fe6ef17527c10c8c6a1519ba1e9f
                    • Instruction Fuzzy Hash: 67B14B3161060DCFD718CF28C486BA57BE0FF45369F259698E99ADF2A1C335E982CB40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSysColor.USER32(00000008), ref: 00DBEFD7
                    Similarity
                    • API ID: Color
                    • String ID:
                    • API String ID: 2811717613-0
                    • Opcode ID: d9a2737b40a406545c8dd5142b781e1109f82654431d3ef0f69aeacb74ff2b13
                    • Instruction ID: 6c58deccbcb834a84cf3ed510656b65d0a7e829ee7b3b7452dba2e49f7fba9c6
                    • Opcode Fuzzy Hash: d9a2737b40a406545c8dd5142b781e1109f82654431d3ef0f69aeacb74ff2b13
                    • Instruction Fuzzy Hash: 3371F8B0805B48DFE761CF64C95478ABFF0BB09314F108A5EC4A9AB391D3B96648DB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Similarity
                    • API ID: Color
                    • String ID:
                    • API String ID: 2811717613-0
                    • Opcode ID: 1348ec2aa4ede22ebc8aeb1d1cac88c101fcb7c19fc646449240cc738bd66988
                    • Instruction ID: bca88b085b45bd5e7ce87a98607afd36f6158fa198f387f7f7485fcb8cd26f3e
                    • Opcode Fuzzy Hash: 1348ec2aa4ede22ebc8aeb1d1cac88c101fcb7c19fc646449240cc738bd66988
                    • Instruction Fuzzy Hash: B751E4B0805744DFD711CF29C55878ABFF4EB15318F208A9DD4A95B382C3BAA64ADF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32,604EB446,?,?,00000000), ref: 00E34383
                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00E343CB
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    • GetProcAddress.KERNEL32(00000000,SetDllDirectory), ref: 00E34426
                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E34481
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    Strings
                    Similarity
                    • API ID: CriticalSection$AddressProc$EnterLeave$ConditionHandleModuleVariableWake
                    • String ID: SetDefaultDllDirectories$SetDllDirectory$SetSearchPathMode$USP10.dll$WindowsCodecs.dll$advapi32.dll$apphelp.dll$bcrypt.dll$cabinet.dll$comctl32.dll$comdlg32.dll$crypt32.dll$cryptsp.dll$davhlpr.dll$dbghelp.dll$dwmapi.dll$gdi32.dll$gdiplus.dll$kernel32$kernel32.dll$lpk.dll$mpr.dll$msasn1.dll$msi.dll$msihnd.dll$msimg32.dll$msls31.dll$ole32.dll$oleaut32.dll$profapi.dll$psapi.dll$rsaenh.dll$secur32.dll$setupapi.dll$shcore.dll$shell32.dll$shlwapi.dll$urlmon.dll$user32.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wininet.dll$wintrust.dll
                    • API String ID: 2802197397-2907519499
                    • Opcode ID: b22546b77365d20d0231ec19a43330beea56a19dbd8157714a8d4c3f8ef08e27
                    • Instruction ID: b1b03a2aa46286f6f44635a6badfa420465a823947bc61d3c07541322892bd75
                    • Opcode Fuzzy Hash: b22546b77365d20d0231ec19a43330beea56a19dbd8157714a8d4c3f8ef08e27
                    • Instruction Fuzzy Hash: 017128B0900258DBDF20DF94D94978DBFB4FB41318F2046A9E9186B392C7B05A48EF92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00E2A896
                    • SetBkMode.GDI32(?,00000001), ref: 00E2A8A1
                    • SelectObject.GDI32(?,?), ref: 00E2A8B0
                    • GetSysColor.USER32(00000011), ref: 00E2A8EE
                    • SetTextColor.GDI32(?,00000000), ref: 00E2A8F8
                    • DrawTextW.USER32(?,00000000,00000000,?,?), ref: 00E2A910
                    • SetTextColor.GDI32(?,00000000), ref: 00E2A91A
                    • GetSysColor.USER32(00000011), ref: 00E2A978
                    • SetTextColor.GDI32(?,00000000), ref: 00E2A982
                    • DrawTextW.USER32(?,00000000,00000000,?,?), ref: 00E2A9BB
                    • SetTextColor.GDI32(?,00000000), ref: 00E2A9C7
                    • SelectObject.GDI32(?,?), ref: 00E2A9D6
                    • IsWindowEnabled.USER32(?), ref: 00E2A9ED
                    • GetSysColor.USER32(00000011), ref: 00E2AA01
                    • SetTextColor.GDI32(?,00000000), ref: 00E2AA0B
                    • DrawTextW.USER32(?,00000000,?,?,?), ref: 00E2AA5A
                    • DrawTextW.USER32(?,?,?,?,?), ref: 00E2AAB5
                    • SetTextColor.GDI32(?,00000000), ref: 00E2AAC1
                    • GetFocus.USER32 ref: 00E2AAC7
                    • SelectObject.GDI32(?,604EB446), ref: 00E2AAEB
                    • SetBkMode.GDI32(?,00000001), ref: 00E2AAFB
                    • IsWindowEnabled.USER32(?), ref: 00E2AB07
                    • GetSysColor.USER32(00000011), ref: 00E2AB2C
                    • SetTextColor.GDI32(?,00000000), ref: 00E2AB36
                    • SelectObject.GDI32(?,?), ref: 00E2AB71
                    • GetWindowLongW.USER32(?,000000F0), ref: 00E2AB94
                    • DrawTextW.USER32(?,?,000000FF,?,00000000), ref: 00E2ABD5
                    • GetFocus.USER32 ref: 00E2ABDB
                    • SetTextColor.GDI32(?,?), ref: 00E2ABFF
                    • SelectObject.GDI32(?,?), ref: 00E2AC0B
                      • Part of subcall function 00E2B210: lstrlenW.KERNEL32(?,00000000,?,?,?,00E2AD75,00000000,00000000,00000000,00000000,?,?), ref: 00E2B25B
                    Similarity
                    • API ID: Text$Color$DrawObjectSelect$Window$EnabledFocusMode$ClientLongRectlstrlen
                    • String ID:
                    • API String ID: 3925974018-0
                    • Opcode ID: 9e778660218fc4c40812547cfe9c0926791f9a1658922bf50fb0ebe963ad4d58
                    • Instruction ID: 1134a0c5d7d5d8ee92988d651ab43d75a177c8ac6a5589ca1dee562f61433f78
                    • Opcode Fuzzy Hash: 9e778660218fc4c40812547cfe9c0926791f9a1658922bf50fb0ebe963ad4d58
                    • Instruction Fuzzy Hash: 92D15C71900619EFDB098FA4ED44BEDFBB5FF08304F144229E91AAA260DB71AD50DF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindow.USER32(?), ref: 00E09202
                    • IsWindow.USER32(000000FF), ref: 00E09213
                    • GetClientRect.USER32(?,?), ref: 00E09297
                    • IsRectEmpty.USER32(?), ref: 00E092A1
                    • SendMessageW.USER32(000000FF,00001200,00000000,00000000), ref: 00E092B9
                    • IsRectEmpty.USER32(?), ref: 00E093AB
                    • SendMessageW.USER32(?,00001104,00000001,?), ref: 00E0941E
                    • IsWindowEnabled.USER32(?), ref: 00E09426
                    • GetSysColor.USER32(0000000F), ref: 00E0943C
                    • SendMessageW.USER32(000000FF,00001200,00000000,00000000), ref: 00E09455
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00E09C20: SendMessageW.USER32(?,0000113E,00000000,00000001), ref: 00E09CBA
                      • Part of subcall function 00E09C20: lstrlenW.KERNEL32(?), ref: 00E09CCA
                    • DrawTextW.USER32(?,?,?,?,00000C00), ref: 00E094A8
                    • SetBkMode.GDI32(?,00000001), ref: 00E094E5
                    • SetTextColor.GDI32(?,00000004), ref: 00E094F5
                    • IsWindowEnabled.USER32(?), ref: 00E0950C
                    • SetTextColor.GDI32(?,?), ref: 00E09526
                    • SetTextColor.GDI32(?,?), ref: 00E0960D
                    • SelectObject.GDI32(?,?), ref: 00E0961E
                      • Part of subcall function 00E08950: GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 00E089B8
                    • DrawTextW.USER32(?,?,00000000,?,?), ref: 00E096DC
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 00E09686
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Text$ColorCriticalMessageSectionSendWindow$Rect$AddressDrawEmptyEnabledEnterLeaveProc$ClientConditionHeapModeObjectProcessSelectVariableWakelstrlen
                    • String ID: DrawThemeText
                    • API String ID: 2860153671-2508557991
                    • Opcode ID: 17ac0d3a9255958811f94447e421e728499654133884dce4cc566082ddc37c40
                    • Instruction ID: 5039c30390c752bece288d4ebb260951e713576e718432cd8b3112a1e88e055f
                    • Opcode Fuzzy Hash: 17ac0d3a9255958811f94447e421e728499654133884dce4cc566082ddc37c40
                    • Instruction Fuzzy Hash: BD126A71E00609EFDB14CFA8C948B9DBBF5FF08314F24825AE515AB2A2D771A945CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RedrawWindow.USER32(?,00000000,00000000,00000507,604EB446), ref: 00DC0DEE
                    • IsWindow.USER32(?), ref: 00DC0E00
                    • GetParent.USER32(?), ref: 00DC0E41
                    • lstrcmpW.KERNEL32(?,#32770), ref: 00DC0E61
                    • GetSysColor.USER32(00000005), ref: 00DC0E71
                    • GetWindowLongW.USER32(?,000000F0), ref: 00DC0F01
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$ColorLongParentRedrawlstrcmp
                    • String ID: #32770
                    • API String ID: 778456007-463685578
                    • Opcode ID: 871c41702b9c256e15508bff27e420822972217e5dd86146c77ddb1fae4036f6
                    • Instruction ID: f1bcb5c1794cd0cf181c48b838c4b8875c10a168218fec742bb6d252ce83b053
                    • Opcode Fuzzy Hash: 871c41702b9c256e15508bff27e420822972217e5dd86146c77ddb1fae4036f6
                    • Instruction Fuzzy Hash: B1E18B74A0021AEFDB14CFA4C844FAEBBB5EF49710F18811DF901AB2A1D735A944CB71
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • Unable to retrieve exit code from process., xrefs: 00E7B1C2
                    • ps1, xrefs: 00E7AEE6, 00E7AEF8, 00E7AF02
                    • Unable to retrieve PowerShell output from file: , xrefs: 00E7B19F
                    • powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new, xrefs: 00E7AF9F
                    • Unable to get a temp file for script output, temp path: , xrefs: 00E7AF4F
                    • Unable to create process: , xrefs: 00E7B045
                    • Unable to find file , xrefs: 00E7AE73
                    • txt, xrefs: 00E7AF13
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID:
                    • String ID: Unable to create process: $Unable to find file $Unable to get a temp file for script output, temp path: $Unable to retrieve PowerShell output from file: $Unable to retrieve exit code from process.$powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new$ps1$txt
                    • API String ID: 0-4129021124
                    • Opcode ID: 9790ddf19b32076d6cd045bb7b1fa829f9ffa36e10ae2419ed1b95454e95ca4a
                    • Instruction ID: 89e839384f85158ff015cd34868920c9a3909257f1c8e60f795f9de0571f1dcd
                    • Opcode Fuzzy Hash: 9790ddf19b32076d6cd045bb7b1fa829f9ffa36e10ae2419ed1b95454e95ca4a
                    • Instruction Fuzzy Hash: 6CC1AB70D01649EBDB10DFA8C915BAEFBB4EF05324F108259F515BB291DB70AA44DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindow.USER32(00000001), ref: 00E2AC89
                    • GetDC.USER32(00000001), ref: 00E2ACD1
                    • GetClientRect.USER32(00000001,?), ref: 00E2ACF7
                    • SelectObject.GDI32(00000000,?), ref: 00E2AD7C
                    • DrawTextW.USER32(00000000,00000000,00000000,?,?), ref: 00E2ADBC
                    • SelectObject.GDI32(00000000,?), ref: 00E2ADC9
                    • DrawTextW.USER32(00000000,00000000,00000000,?,?), ref: 00E2AE00
                    • DrawTextW.USER32(00000000,00000000,00000000,?,?), ref: 00E2AEDB
                    • DrawTextW.USER32(00000000,00000000,00000000,?,?), ref: 00E2AF4A
                    • SelectObject.GDI32(00000000,?), ref: 00E2AF77
                    • SelectObject.GDI32(00000000,?), ref: 00E2AF99
                    • GetWindowLongW.USER32(00000001,000000F0), ref: 00E2AFC0
                    • DrawTextW.USER32(00000000,?,000000FF,?,00000000), ref: 00E2B011
                    • SelectObject.GDI32(00000000,00000000), ref: 00E2B024
                    • OffsetRect.USER32(?,000000FF,00000000), ref: 00E2B05C
                    • ReleaseDC.USER32(?,00000000), ref: 00E2B07A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: DrawObjectSelectText$RectWindow$ClientLongOffsetRelease
                    • String ID:
                    • API String ID: 4250999095-3688684798
                    • Opcode ID: bd6aae283ce14b67810157e2c3bfebda128d478cf9e375bb9fdcddee458f3a31
                    • Instruction ID: 3f05e1a315022e0e5b26f5a5db30a4b70a3e53f140660347e662c7fe98768851
                    • Opcode Fuzzy Hash: bd6aae283ce14b67810157e2c3bfebda128d478cf9e375bb9fdcddee458f3a31
                    • Instruction Fuzzy Hash: EED10571D00218DFEB21CFA8D945BEEBBB4FB08304F248219E566A3291DB356A45DF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDlgItem.USER32(?,000001F6), ref: 00E50A9E
                    • GetDlgItem.USER32(?,000001F8), ref: 00E50AAB
                    • GetDlgItem.USER32(?,000001F7), ref: 00E50AF8
                    • SetWindowTextW.USER32(00000000,00000000), ref: 00E50B07
                    • ShowWindow.USER32(?,00000005), ref: 00E50B27
                      • Part of subcall function 00E4FF80: GetWindowLongW.USER32(?,000000F0), ref: 00E4FFBF
                      • Part of subcall function 00E4FF80: GetWindowLongW.USER32(?,000000F0), ref: 00E4FFD0
                      • Part of subcall function 00E4FF80: SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E4FFE2
                      • Part of subcall function 00E4FF80: GetWindowLongW.USER32(?,000000EC), ref: 00E4FFF5
                      • Part of subcall function 00E4FF80: SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E50004
                      • Part of subcall function 00E4FF80: SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 00E50018
                      • Part of subcall function 00E4FF80: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E50027
                      • Part of subcall function 00E4FF80: GetClientRect.USER32(?,?), ref: 00E5003E
                      • Part of subcall function 00E4FF80: GetClientRect.USER32(?,?), ref: 00E50062
                    • GetDlgItem.USER32(?,000001F7), ref: 00E50B46
                    • SetWindowTextW.USER32(00000000,00000000), ref: 00E50B55
                    • ShowWindow.USER32(?,00000000), ref: 00E50B75
                    • ShowWindow.USER32(?,00000000), ref: 00E50B7C
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000616), ref: 00E50BC5
                    • GetDlgItem.USER32(00000000,00000000), ref: 00E50BF9
                    • IsWindow.USER32(00000000), ref: 00E50C03
                    • IsRectEmpty.USER32(?), ref: 00E50C20
                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?,?,00000616), ref: 00E50C50
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$ItemLong$RectShow$ClientMessageSendText$Empty
                    • String ID: Details <<$Details >>
                    • API String ID: 263192859-3763984547
                    • Opcode ID: a2bf4a6cc6c294cd26d5ba6a3aed2b19611a4b2199b8f0159fa11c632f157c9c
                    • Instruction ID: 8e5905305d3470713c5bf438ec8070228320cc29277899e1d4442a87d8424f1b
                    • Opcode Fuzzy Hash: a2bf4a6cc6c294cd26d5ba6a3aed2b19611a4b2199b8f0159fa11c632f157c9c
                    • Instruction Fuzzy Hash: C0719F71A00208AFDB24DFA8DC46BAEFBF4EF58705F104619F901B6290DB71A945DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E4DF80: LoadLibraryW.KERNEL32(ComCtl32.dll,604EB446,00000000,?,00000000), ref: 00E4DFBE
                      • Part of subcall function 00E4DF80: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00E4DFE1
                      • Part of subcall function 00E4DF80: FreeLibrary.KERNEL32(00000000), ref: 00E4E05F
                    • GetDlgItem.USER32(?,000001F4), ref: 00E50901
                    • SendMessageW.USER32(00000000,00000170,00000000,00000000), ref: 00E50912
                    • GetDC.USER32(00000000), ref: 00E5091A
                    • GetDeviceCaps.GDI32(00000000), ref: 00E50921
                    • MulDiv.KERNEL32(00000009,00000000), ref: 00E5092A
                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Courier New), ref: 00E50953
                    • GetDlgItem.USER32(?,000001F6), ref: 00E50964
                    • IsWindow.USER32(00000000), ref: 00E5096D
                    • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 00E50984
                    • GetDlgItem.USER32(?,000001F8), ref: 00E5098E
                    • GetWindowRect.USER32(?,?), ref: 00E5099F
                    • GetWindowRect.USER32(?,?), ref: 00E509B2
                    • GetWindowRect.USER32(00000000,?), ref: 00E509C2
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$ItemRect$LibraryMessageSend$AddressCapsCreateDeviceFontFreeLoadProc
                    • String ID: Courier New
                    • API String ID: 1731048342-2572734833
                    • Opcode ID: fcf06e654a153c578fd26965dc0b9dfc435a0258f70bda582966be975b39381f
                    • Instruction ID: 5e1a92877eb6c60fb70aff62060edab11b9dd7b0468c99f064614c772d7c2fb7
                    • Opcode Fuzzy Hash: fcf06e654a153c578fd26965dc0b9dfc435a0258f70bda582966be975b39381f
                    • Instruction Fuzzy Hash: EF41FA71B843087BEB14AF609C46FAE77E9AF58B04F00012DFB05BA1D1DAB0AC408B55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,604EB446), ref: 00E36F06
                    • GetLastError.KERNEL32 ref: 00E36F10
                    • EnterCriticalSection.KERNEL32(?), ref: 00E36F85
                    • LeaveCriticalSection.KERNEL32(?,76EDE740,?), ref: 00E36FB2
                    • GetModuleFileNameW.KERNEL32(00DB0000,?,00000104), ref: 00E3700B
                    • GetModuleHandleW.KERNEL32(00000000), ref: 00E37073
                    • LeaveCriticalSection.KERNEL32(?,Module,?), ref: 00E37190
                    • EnterCriticalSection.KERNEL32(?), ref: 00E371B1
                    • LeaveCriticalSection.KERNEL32(?,Module_Raw,?), ref: 00E371E5
                      • Part of subcall function 00E37450: EnterCriticalSection.KERNEL32( t,604EB446,76EDE740,00000000), ref: 00E3748D
                      • Part of subcall function 00E37450: LeaveCriticalSection.KERNEL32( t), ref: 00E3749E
                      • Part of subcall function 00E37450: DeleteCriticalSection.KERNEL32( t), ref: 00E374BA
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$Enter$Module$CountDeleteErrorFileHandleInitializeLastNameSpin
                    • String ID: @v$Module$Module_Raw$REGISTRY
                    • API String ID: 1545931267-428528933
                    • Opcode ID: 79912575b2bd9b2a46357973a0feb63bac0b0bb0cce759389ecfcad73f156b0b
                    • Instruction ID: aa6d381ec235d693470458e24f55c27b9a8bae3e9e621813a639b63207479606
                    • Opcode Fuzzy Hash: 79912575b2bd9b2a46357973a0feb63bac0b0bb0cce759389ecfcad73f156b0b
                    • Instruction Fuzzy Hash: 86B1CFB5A083189BCB20DF24CD48B9ABBB4AF49314F1041D9E84DA7690E7759E48CF52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadCursorW.USER32(00000000,00007F00), ref: 00E073D5
                    • SetCursor.USER32(00000000), ref: 00E073DC
                    • GetParent.USER32 ref: 00E07437
                    • SendMessageW.USER32(00000000,0000004E,00000000,?), ref: 00E07447
                    • SendMessageW.USER32(?,?,?,?), ref: 00E075B7
                    • GetDlgItem.USER32(?,?), ref: 00E075F6
                    • GetDlgItem.USER32(?,?), ref: 00E07629
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CursorItemMessageSend$LoadParent
                    • String ID:
                    • API String ID: 1572930397-3916222277
                    • Opcode ID: 5b4bc34977c085311767a7324a1a4a0437f39442ea86fac393cb2419cb3ba338
                    • Instruction ID: cadf810462da19041bc8cd32b2ae3069c83a173ca2dd93caa3026b6aedcf7636
                    • Opcode Fuzzy Hash: 5b4bc34977c085311767a7324a1a4a0437f39442ea86fac393cb2419cb3ba338
                    • Instruction Fuzzy Hash: 2A81BFB0A08305DFDB24CF19D894BA677A1FB94314F00166AE896972E1D371FC90CBE0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 00DDCBC7
                    • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00DDCBD5
                    • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 00DDCBEF
                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00DDCC07
                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 00DDCC38
                    • CreateRectRgn.GDI32(?,?,?,?), ref: 00DDCC72
                    • DeleteObject.GDI32(00000000), ref: 00DDCC89
                    • GetClientRect.USER32(?,?), ref: 00DDCCA5
                    • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 00DDCCD0
                    • CreateRectRgn.GDI32(?,?,?,?), ref: 00DDCCED
                    • SelectClipRgn.GDI32(00000000,00000000), ref: 00DDCD04
                    • GetParent.USER32(?), ref: 00DDCD14
                    • SendMessageW.USER32(00000000,00000136,?,?), ref: 00DDCD25
                    • DeleteObject.GDI32(00000000), ref: 00DDCD3B
                    • DeleteObject.GDI32(?), ref: 00DDCD40
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageRectSend$Create$DeleteObject$ClientClipParentSelect
                    • String ID:
                    • API String ID: 1236051970-0
                    • Opcode ID: eb750577221500016e9acf139a6ea62a8e6c4a80cd86eb238c53d543c1c8a5ad
                    • Instruction ID: a03741f168b5f018d5dae070e7331482fe15f7d73d5c489840ff514c7121512d
                    • Opcode Fuzzy Hash: eb750577221500016e9acf139a6ea62a8e6c4a80cd86eb238c53d543c1c8a5ad
                    • Instruction Fuzzy Hash: 1D61F472A10218AFDB119FE5DD49FEEBBB9FF48710F14011AF619AB2A0C7716910DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(?,000000F0), ref: 00DF6B97
                    • GetParent.USER32 ref: 00DF6BAD
                    • GetWindowRect.USER32(?,?), ref: 00DF6BB8
                    • GetParent.USER32(?), ref: 00DF6BC0
                    • GetClientRect.USER32(00000000,?), ref: 00DF6BCF
                    • GetClientRect.USER32(?,?), ref: 00DF6BD8
                    • MapWindowPoints.USER32(00000002,00000000,?,00000002), ref: 00DF6BE4
                    • GetWindow.USER32(?,00000004), ref: 00DF6BF2
                    • GetWindowRect.USER32(?,?), ref: 00DF6C00
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00DF6C0D
                    • MonitorFromWindow.USER32(?,00000002), ref: 00DF6C25
                    • GetMonitorInfoW.USER32(00000000,00000004), ref: 00DF6C3F
                    • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 00DF6CED
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Rect$ClientLongMonitorParent$FromInfoPoints
                    • String ID:
                    • API String ID: 3127921553-0
                    • Opcode ID: 05db3ead7f35c4d9ab5e232e9717b6bb7b04716f811d193c0c982c4e57ff5c8d
                    • Instruction ID: a30f6921d0d2a7a362b0455669167bc6f4e577b4d6bf30b094ae5bf455993049
                    • Opcode Fuzzy Hash: 05db3ead7f35c4d9ab5e232e9717b6bb7b04716f811d193c0c982c4e57ff5c8d
                    • Instruction Fuzzy Hash: C2515F72D0411C9FDB11CFA8DD45AAEBBB9FB48710F25422AE955E3294DB30AD00DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(?,000000EB), ref: 00E50664
                    • DeleteObject.GDI32(?), ref: 00E506B0
                      • Part of subcall function 00E50120: IsWindowVisible.USER32 ref: 00E50136
                      • Part of subcall function 00E50120: SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 00E50152
                      • Part of subcall function 00E50120: GetWindowLongW.USER32(?,000000F0), ref: 00E50158
                      • Part of subcall function 00E50120: GetDlgItem.USER32(?,?), ref: 00E501CA
                      • Part of subcall function 00E50120: GetWindowRect.USER32(00000000,?), ref: 00E501E2
                      • Part of subcall function 00E50120: MapWindowPoints.USER32(00000000,?,00000002,00000002), ref: 00E501F3
                    • EndDialog.USER32(?,00000000), ref: 00E50722
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Long$DeleteDialogItemMessageObjectPointsRectSendVisible
                    • String ID:
                    • API String ID: 2368538989-0
                    • Opcode ID: 96912c8e49d56b87bc60cdcda0b6ad80e2bb868bb32db5b20daf3102c7de4100
                    • Instruction ID: e589b8ee2d997883715b3c603878b04e150c06e76dd4185dac3a97900574f8da
                    • Opcode Fuzzy Hash: 96912c8e49d56b87bc60cdcda0b6ad80e2bb868bb32db5b20daf3102c7de4100
                    • Instruction Fuzzy Hash: B9619031900206DBDB289F69CD48FAEBBB4EB08726F101A19F916F36D0D774D948DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,604EB446,?,?,00F9D648), ref: 00E7E528
                    • LoadLibraryW.KERNEL32(Shell32.dll,?,00F9D648), ref: 00E7E537
                    • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00E7E54B
                    • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00E7E5CA
                    • SHGetMalloc.SHELL32(?), ref: 00E7E607
                    • PathFileExistsW.SHLWAPI(?,ADVINST_LOGS,0000000C,?,00000000), ref: 00E7E65A
                    • CreateDirectoryW.KERNEL32(?,?,Everyone,?,00000000,?,00000000), ref: 00E7E6E1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Path$AddressCreateDirectoryExistsFileFolderFromLibraryListLoadLocationMallocProcSpecial
                    • String ID: ADVINST_LOGS$Everyone$SHGetSpecialFolderPathW$Shell32.dll
                    • API String ID: 1254244429-1733115844
                    • Opcode ID: 26b013f286878f27d19a440affe34ff94fd1edb7913789c5b4f19dc765479d8f
                    • Instruction ID: a8785769d3a945b387ebc88d5c7d58b3e7e448ff8cf68f30f059ed0df19c0108
                    • Opcode Fuzzy Hash: 26b013f286878f27d19a440affe34ff94fd1edb7913789c5b4f19dc765479d8f
                    • Instruction Fuzzy Hash: 9BB1ADB1D002099FDB14DFA8C949BAEFBF4EF58318F148159E419BB3A1E7749A40CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DC0440: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DC0476
                    • GetClientRect.USER32(?,?), ref: 00E0813E
                      • Part of subcall function 00E09790: SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?,?,604EB446,?,?), ref: 00E0980A
                      • Part of subcall function 00E09790: CreateWindowExW.USER32(00000000,SysHeader32,00000000,50000080,?,?,?,?,?,00000000,00000000,?), ref: 00E09880
                      • Part of subcall function 00E09790: CreateWindowExW.USER32(00000000,SysHeader32,00000000,40000000,?,?,?,?,?,00000002,00000000), ref: 00E098B8
                      • Part of subcall function 00E09790: CreateWindowExW.USER32(00000000,SCROLLBAR,00000000,50000004,?,?,?,?,?,00000003,00000000), ref: 00E098F0
                      • Part of subcall function 00E08950: GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 00E089B8
                    • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00E081A4
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 00E081F7
                    • SendMessageW.USER32(00000000,0000112C,00000004,00000004), ref: 00E08233
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00E08263
                    • FreeLibrary.KERNEL32(604EB446), ref: 00E0829A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: AddressCriticalProcSectionWindow$Create$EnterLeave$ClientConditionErrorFreeLastLibraryLongMessageRectSendVariableWake
                    • String ID: DllGetVersion$GetWindowTheme$SetWindowTheme$comctl32.dll$explorer
                    • API String ID: 2633743064-695539450
                    • Opcode ID: c406e34632330b392e0c94b7660097200597e74fb30cbde41f0a49633ca16acf
                    • Instruction ID: c2e7a1a0987ec60f912d0e6518d4b8af3e3f4d86dade10947146a304824ad206
                    • Opcode Fuzzy Hash: c406e34632330b392e0c94b7660097200597e74fb30cbde41f0a49633ca16acf
                    • Instruction Fuzzy Hash: AD51D170A01708DBDB10EF68DE41B9ABBF5EF58314F10562AF856A72E1DB30A880DB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000060,604EB446,8007000E,00000000,?,?,?,?,?,?,?,?,00F16D55,000000FF), ref: 00E391C2
                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,?,?,?,?,?,?,?,?,00F16D55,000000FF), ref: 00E391D1
                    • FindResourceW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F16D55,000000FF), ref: 00E391EF
                    • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00F16D55,000000FF), ref: 00E39207
                      • Part of subcall function 00DC4C10: GetLastError.KERNEL32(604EB446,?,Function_0014E010,000000FF), ref: 00DC4C32
                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F16D55,000000FF), ref: 00E392EA
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LibraryLoad$Resource$ErrorFindFreeLast
                    • String ID: @v$Module$Module_Raw$REGISTRY
                    • API String ID: 328770362-428528933
                    • Opcode ID: a63ec12040bbfbd52e6508c59dfa951862e4fdfba89e662fa8c0d1734d2fd037
                    • Instruction ID: 3fdcf0899bd823caa28a409deeb88d367ba85c37baa4bc7f5b0136052110e76b
                    • Opcode Fuzzy Hash: a63ec12040bbfbd52e6508c59dfa951862e4fdfba89e662fa8c0d1734d2fd037
                    • Instruction Fuzzy Hash: AB51C1B1904649EFCB20DF64D948BEE7BB5FF84310F104129F905BB2A1DBB49A00DBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DC8D77
                    • GetWindowRect.USER32(?,?), ref: 00DC8E4B
                    • GetClientRect.USER32(?,?), ref: 00DC8E5D
                    • GetWindowDC.USER32(?), ref: 00DC8E6F
                    • CreateCompatibleDC.GDI32(00000000), ref: 00DC8E9C
                    • CreateCompatibleBitmap.GDI32(00000000), ref: 00DC8EDE
                    • SelectObject.GDI32(00000000,00000000), ref: 00DC8EED
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: RectWindow$CompatibleCreate$BitmapClientObjectSelect
                    • String ID:
                    • API String ID: 2032541772-0
                    • Opcode ID: f89ff88aa8c22708891d3bcd63bcc5271c38ca6c94cfd6ef89a34aeb1be28760
                    • Instruction ID: 1dfa9e6980ca559233f2564e0ee14d0bbbdfdeda77b5ab1c3b41441eb376000d
                    • Opcode Fuzzy Hash: f89ff88aa8c22708891d3bcd63bcc5271c38ca6c94cfd6ef89a34aeb1be28760
                    • Instruction Fuzzy Hash: 57D11771D04619EFEB21CFA4C948B9EBBF8EF09710F14425AE809A7251DB706A40DFA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(?), ref: 00DE2743
                    • GetWindowRect.USER32(?,?), ref: 00DE2762
                    • CreateCompatibleDC.GDI32(?), ref: 00DE2791
                    • CreateCompatibleBitmap.GDI32(?), ref: 00DE27D0
                    • SelectObject.GDI32(?,00000000), ref: 00DE27DF
                    • SendMessageW.USER32(?,00000317,?,00000014), ref: 00DE27F6
                    • CreatePatternBrush.GDI32(00000000), ref: 00DE2801
                    • GetSysColorBrush.USER32(0000000F), ref: 00DE280B
                    • DeleteObject.GDI32(00000000), ref: 00DE28F8
                    • DeleteObject.GDI32(00000000), ref: 00DE2915
                    • DeleteDC.GDI32(?), ref: 00DE2938
                    • ReleaseDC.USER32(?,?), ref: 00DE2950
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CreateDeleteObject$BrushCompatible$BitmapColorMessagePatternRectReleaseSelectSendWindow
                    • String ID:
                    • API String ID: 3344996563-0
                    • Opcode ID: 1b56183bc6d4da9a171c9eeb9f68dc5961829cda3dbc4f7dd551ff225bab1fba
                    • Instruction ID: 5d88237a3777a8a6c8d9a5329ebd3ad21c7dbe7c9f3fb13b49205ff6ba9becfa
                    • Opcode Fuzzy Hash: 1b56183bc6d4da9a171c9eeb9f68dc5961829cda3dbc4f7dd551ff225bab1fba
                    • Instruction Fuzzy Hash: 45916874900648DFDB11DF69C984BAEBBF5FF49304F18822EE816AB351E734A945CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00DBF0EE
                    • FillRect.USER32(00000000,?,00000000), ref: 00DBF10D
                    • DeleteObject.GDI32(00000000), ref: 00DBF114
                    • GetClientRect.USER32(?,?), ref: 00DBF16F
                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00DBF188
                    • CreateCompatibleDC.GDI32(00000000), ref: 00DBF195
                    • SelectObject.GDI32(00000000,00000000), ref: 00DBF1A7
                    • FillRect.USER32(00000000,?,00000000), ref: 00DBF1D0
                    • DeleteObject.GDI32(?), ref: 00DBF1DA
                    • BitBlt.GDI32(00000000,00000000,00000000,00000008,00000008,00000000,00000000,00000000,00CC0020), ref: 00DBF217
                    • SelectObject.GDI32(00000000,?), ref: 00DBF222
                    • DeleteDC.GDI32(00000000), ref: 00DBF229
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ObjectRect$Delete$ClientCompatibleCreateFillSelect$Bitmap
                    • String ID:
                    • API String ID: 441990398-0
                    • Opcode ID: 2cebae00e1b2ae0f8650583faea5776aff1da574102a624687f3a8819e794e80
                    • Instruction ID: 2d4b518790a307f14c4090d49f97cd2701af723bc9c1abb0926ad4b917394d71
                    • Opcode Fuzzy Hash: 2cebae00e1b2ae0f8650583faea5776aff1da574102a624687f3a8819e794e80
                    • Instruction Fuzzy Hash: 55416C7610430AEFD3119F65ED49F6BBBE8FF88B01F04482AF656D21A0DB71E8059B61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFocus.USER32 ref: 00DEEB98
                    • IsChild.USER32(?,00000000), ref: 00DEEBA4
                    • GetParent.USER32(00000000), ref: 00DEEBB5
                    • GetParent.USER32(00000000), ref: 00DEEBC1
                    • GetParent.USER32(00000000), ref: 00DEEBC6
                    • SendMessageW.USER32(00000000,0000037F,00000000,?), ref: 00DEEBDC
                    • IsDialogMessageW.USER32(?,?), ref: 00DEEBF4
                    • GetFocus.USER32 ref: 00DEEBFE
                    • SendMessageW.USER32(00000000,00000087,00000000,00000000), ref: 00DEEC10
                    • SendMessageW.USER32(00000000,00000087,00000000,00000000), ref: 00DEEC72
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00DEEC7B
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Message$ParentSend$Focus$ChildDialogLongWindow
                    • String ID:
                    • API String ID: 3344190228-0
                    • Opcode ID: 99acac5808d8ad9e8499793608f63f6db963202ab9306c32ce1b673444785293
                    • Instruction ID: e272785f38a4e7a4e330f3956b93a5b3984e39649a15395981d6767c02a392de
                    • Opcode Fuzzy Hash: 99acac5808d8ad9e8499793608f63f6db963202ab9306c32ce1b673444785293
                    • Instruction Fuzzy Hash: 6041E331201249DFEB21AB16CC88FBA77A9EF51354F284476F906CA2A0CB31DC45DBB1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID:
                    • String ID: Enabled$Progress$PropertyValue$Text$TimeRemaining$Visible
                    • API String ID: 0-2691827946
                    • Opcode ID: 1848680c8d6c99fc04b19a1ee10bcb049c42fc6d16d238a6bf2d18b2ee18016c
                    • Instruction ID: c4fd5a2827e1fa635d8eafe5e7d00ef8e367ddd0cb5ece3def5bc68604a83ffa
                    • Opcode Fuzzy Hash: 1848680c8d6c99fc04b19a1ee10bcb049c42fc6d16d238a6bf2d18b2ee18016c
                    • Instruction Fuzzy Hash: 49B18DB1A04349DFEB10DF48D94479EBBB1FB85324F10826EE825AB3D1D7759A10CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(00F9D7FC,604EB446,00000000,?,?,?,?,?,?,00DBE4E0,00EFFACD,000000FF), ref: 00DBECBD
                    • LoadCursorW.USER32(00000000,00007F00), ref: 00DBED38
                    • LoadCursorW.USER32(00000000,00007F00), ref: 00DBEDDE
                    • LeaveCriticalSection.KERNEL32(00F9D7FC), ref: 00DBEE33
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalCursorLoadSection$EnterLeave
                    • String ID: @v$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                    • API String ID: 3727441302-2968675339
                    • Opcode ID: 3ad53598c877f8a0182788cbca37ee616fa8ac379142c2e469712eeba413e200
                    • Instruction ID: 451cbbc3b16d0e8ba59bd8644eb168aa2ee9246689970eb26f9295db4057e89a
                    • Opcode Fuzzy Hash: 3ad53598c877f8a0182788cbca37ee616fa8ac379142c2e469712eeba413e200
                    • Instruction Fuzzy Hash: FE5117B1D0121DEFDB11DFA8D944BEEBFF8EB08714F14012AE805B7291D7B499099BA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryW.KERNEL32(?,?,00E6750B,?,?,?,?,?), ref: 00E86BE5
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LibraryLoad
                    • String ID: EndExtraction$ExtractAllFiles$GetTotalFilesSize$InitExtraction
                    • API String ID: 1029625771-3462492388
                    • Opcode ID: ef4dd4029af543ec638ca2abab57a41984abcfe50e880fb5322893a3c8d97e01
                    • Instruction ID: 1a79def8f8bf16f81d8b430010ac1af85a8c3f5451d4d070fb8413ef29d7acce
                    • Opcode Fuzzy Hash: ef4dd4029af543ec638ca2abab57a41984abcfe50e880fb5322893a3c8d97e01
                    • Instruction Fuzzy Hash: 36018FF5944728ABCB24EF28EC148557F61F705756710441BE918D7321CB30A846FFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(?), ref: 00DC2801
                    • GetClientRect.USER32(?,?), ref: 00DC2829
                    • CreateCompatibleDC.GDI32(?), ref: 00DC283A
                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00DC285A
                    • DeleteDC.GDI32(00000000), ref: 00DC2867
                    • FillRect.USER32(?,?,00000006), ref: 00DC28AC
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CompatibleCreateRect$BitmapClientDeleteFill
                    • String ID:
                    • API String ID: 1262984673-0
                    • Opcode ID: b140d27b8989ac8bf1365fb09c02ffe9755e2c7678278f0d0d7a34f359b9c187
                    • Instruction ID: bdab16dcff7f60a088cac28439d1cdb95ac3dafb1d0818fce3be016e4c008fe0
                    • Opcode Fuzzy Hash: b140d27b8989ac8bf1365fb09c02ffe9755e2c7678278f0d0d7a34f359b9c187
                    • Instruction Fuzzy Hash: C9317E7251830A9FD714EF29DC48B2BBBE8BF98314F44082EF88693221D771D810DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetStdHandle.KERNEL32(000000F5,?,604EB446,?,?), ref: 00E4B71F
                    • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?), ref: 00E4B726
                    • GetStdHandle.KERNEL32(000000F5,0000000C,?,?), ref: 00E4B73A
                    • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 00E4B741
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    • GetStdHandle.KERNEL32(000000F5,000000FF,?,00000000,00000000,00000000,00F44998,00000002,?,?), ref: 00E4B7D5
                    • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 00E4B7DC
                    • IsWindow.USER32(00000000), ref: 00E4B9F5
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ConsoleHandle$AttributeCriticalSectionText$BufferEnterInfoLeaveScreenWindow
                    • String ID: Error
                    • API String ID: 2793546057-2619118453
                    • Opcode ID: 3f1839731cf119752451eb83eb5b8ed383b05d5a23b55dc68295140584ebd93b
                    • Instruction ID: fdd626c0b58159e766baeec2e0100abe3b75b30e5873cce85caa1fe898824929
                    • Opcode Fuzzy Hash: 3f1839731cf119752451eb83eb5b8ed383b05d5a23b55dc68295140584ebd93b
                    • Instruction Fuzzy Hash: B8224670D00358DFDB20DFA4D845BDEBBB4EF45318F204299E419AB291DB74AA88DF61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00E2255A
                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E227DC
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: Child$Cost$Neg$Parent$Pos$Sel
                    • API String ID: 3850602802-107250081
                    • Opcode ID: cfbc1b8a08316435f39b738857be8081ccfcbf7ea4a859b935cce8b4fcc20727
                    • Instruction ID: 8123e3e90355a0a8f7f5a0d900bc8f0d689f52e40539b9fde7aa56b8665a0adf
                    • Opcode Fuzzy Hash: cfbc1b8a08316435f39b738857be8081ccfcbf7ea4a859b935cce8b4fcc20727
                    • Instruction Fuzzy Hash: 59F17B30D00218DFDB14DFA8C955BDEBBB5EF48704F10819AE50AB7291DB70AE45DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00E1A786
                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E1AA09
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: Child$Cost$Neg$Parent$Pos$Sel
                    • API String ID: 3850602802-107250081
                    • Opcode ID: 70f90b2c10767d0dce0f839fbb66f4ef46d510fe7304a6a769f8f258ed09314b
                    • Instruction ID: 603d45ae0ac1a19c81aa0444e146b63ca7b13470e27173539f153f588fcb7053
                    • Opcode Fuzzy Hash: 70f90b2c10767d0dce0f839fbb66f4ef46d510fe7304a6a769f8f258ed09314b
                    • Instruction Fuzzy Hash: 98E19C30901218DFDB14DFA4CC45BEEBBB5FF48304F14419AE509A7291DB70AE85CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • ResetEvent.KERNEL32(?,?,00000000,?), ref: 00E78F7A
                    • SetEvent.KERNEL32(?,?,?,00000000,?), ref: 00E78FB3
                    • ResetEvent.KERNEL32(?,?,?,00000000,?), ref: 00E79149
                    • SetEvent.KERNEL32(?,?,?,?,00000000,?), ref: 00E7917B
                    • ResetEvent.KERNEL32(?), ref: 00E79256
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E79273
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E7927A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Event$Reset$ObjectSingleWait$HeapProcess
                    • String ID: FTP Server
                    • API String ID: 1342830040-688436434
                    • Opcode ID: 6c740dacede7934f8ed9a0cf4dfb6c6ad0c5e222f071c699c461f77d5ba32a25
                    • Instruction ID: 8108cb7ace75a2f80d9e994d6318b5a557c7cef360861b922cce6c1c4deb84c4
                    • Opcode Fuzzy Hash: 6c740dacede7934f8ed9a0cf4dfb6c6ad0c5e222f071c699c461f77d5ba32a25
                    • Instruction Fuzzy Hash: F6D19270A00249DFDB00DF68C988B9EBBB5FF49324F148259E919AB392D774DD44DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,?,604EB446,?,00000000,?,?), ref: 00E4EB33
                    • GetProcAddress.KERNEL32(00000000), ref: 00E4EB3A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: -> $%hs()$%hs:%ld$Dbghelp.dll$SymFromAddr$[0x%.8Ix]
                    • API String ID: 2574300362-1541941317
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00E22199
                      • Part of subcall function 00E06400: SendMessageW.USER32 ref: 00E06440
                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E2220A
                    Strings
                    • MsiSelectionTreeChildrenCost, xrefs: 00E22359
                    • MsiSelectonTreeChildrenCount, xrefs: 00E22241
                    • MsiSelectionTreeSelectedCost, xrefs: 00E223F0
                    • MsiSelectionTreeInstallingChildrenCount, xrefs: 00E222CD
                    • MsiSelectionTreeSelectedAction, xrefs: 00E22118
                    • MsiSelectionTreeSelectedFeature, xrefs: 00E22070
                    Similarity
                    • API ID: MessageSend
                    • String ID: MsiSelectionTreeChildrenCost$MsiSelectionTreeInstallingChildrenCount$MsiSelectionTreeSelectedAction$MsiSelectionTreeSelectedCost$MsiSelectionTreeSelectedFeature$MsiSelectonTreeChildrenCount
                    • API String ID: 3850602802-306884365
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000110A,00000004,000007D7), ref: 00E1A3D9
                      • Part of subcall function 00E06400: SendMessageW.USER32 ref: 00E06440
                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E1A44A
                    Strings
                    • MsiSelectionTreeChildrenCost, xrefs: 00E1A599
                    • MsiSelectonTreeChildrenCount, xrefs: 00E1A481
                    • MsiSelectionTreeSelectedCost, xrefs: 00E1A62D
                    • MsiSelectionTreeInstallingChildrenCount, xrefs: 00E1A50D
                    • MsiSelectionTreeSelectedAction, xrefs: 00E1A358
                    • MsiSelectionTreeSelectedFeature, xrefs: 00E1A2B0
                    Similarity
                    • API ID: MessageSend
                    • String ID: MsiSelectionTreeChildrenCost$MsiSelectionTreeInstallingChildrenCount$MsiSelectionTreeSelectedAction$MsiSelectionTreeSelectedCost$MsiSelectionTreeSelectedFeature$MsiSelectonTreeChildrenCount
                    • API String ID: 3850602802-306884365
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(?), ref: 00DEED3D
                      • Part of subcall function 00DF3AE0: SetWindowRgn.USER32(00000004,00000000,00000001), ref: 00DF3B45
                      • Part of subcall function 00E48CF0: SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00E48D34
                      • Part of subcall function 00E48CF0: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E48D3F
                    • GetCurrentThreadId.KERNEL32 ref: 00DEEE63
                    • GetDC.USER32(?), ref: 00DEEEA9
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DEEEB2
                    • MulDiv.KERNEL32(00000010,00000000,00000060), ref: 00DEEEBD
                    • SendMessageW.USER32(?,00000127,00030003,00000000), ref: 00DEEEE8
                    Strings
                    • AI_HIDE_CAPTION_ICON_AND_TEXT, xrefs: 00DEEE07
                    • AI_HIDE_CAPTION_ICON_AND_TEXT_ALL, xrefs: 00DEED7B
                    Similarity
                    • API ID: MessageSend$CapsCurrentDeviceThreadWindow
                    • String ID: AI_HIDE_CAPTION_ICON_AND_TEXT$AI_HIDE_CAPTION_ICON_AND_TEXT_ALL
                    • API String ID: 4038091997-1831360935
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DB9230: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,00E828EB,\\.\pipe\ToServer,?,?,?,00000000,00F15C26,000000FF,?,80004005), ref: 00DB9257
                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,ps1,ps1,00000003,?,00E5B0B8), ref: 00E7AD23
                    • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 00E7AD67
                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 00E7AD84
                    • CloseHandle.KERNEL32(00000000), ref: 00E7AD9E
                    • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000), ref: 00E7ADDD
                    Strings
                    Similarity
                    • API ID: File$CloseHandleWrite$CreateFindHeapProcessResource
                    • String ID: Unable to get temp file $Unable to save script file $ps1
                    • API String ID: 3201387394-4253966538
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,?,604EB446,?,00000000,?,?), ref: 00E4EB33
                    • GetProcAddress.KERNEL32(00000000), ref: 00E4EB3A
                    Strings
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: -> $%hs()$-----$Dbghelp.dll$SymFromAddr$[0x%.8Ix]
                    • API String ID: 2574300362-2116945222
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00EFCEAF), ref: 00EFC0EC
                    Strings
                    Similarity
                    • API ID: DecodePointer
                    • String ID: acos$asin$exp$log$log10$pow$sqrt
                    • API String ID: 3527080286-3064271455
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Wow64DisableWow64FsRedirection.KERNEL32(00000000,604EB446,?,?), ref: 00E746D7
                    • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,604EB446,00F225DD), ref: 00E7474F
                    • GetLastError.KERNEL32 ref: 00E74760
                    • WaitForSingleObject.KERNEL32(00F225DD,000000FF), ref: 00E7477C
                    • GetExitCodeProcess.KERNEL32(00F225DD,00000000), ref: 00E7478D
                    • CloseHandle.KERNEL32(00F225DD), ref: 00E74797
                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 00E747B2
                    Strings
                    Similarity
                    • API ID: Wow64$ProcessRedirection$CloseCodeCreateDisableErrorExitHandleLastObjectRevertSingleWait
                    • String ID: D
                    • API String ID: 1153077990-2746444292
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VariantClear.OLEAUT32(?), ref: 00DD2C12
                    • SysAllocString.OLEAUT32(00000000), ref: 00DD2C23
                    • VariantClear.OLEAUT32(?), ref: 00DD2C51
                    • VariantClear.OLEAUT32(?), ref: 00DD2C84
                    • SysFreeString.OLEAUT32(00000000), ref: 00DD2C8F
                    • VariantClear.OLEAUT32(?), ref: 00DD2E6B
                    • VariantClear.OLEAUT32(?), ref: 00DD2EA7
                    • SysFreeString.OLEAUT32(00000000), ref: 00DD2EB5
                    • SysAllocString.OLEAUT32(00000000), ref: 00DD2ED9
                    Similarity
                    • API ID: ClearVariant$String$AllocFree
                    • String ID:
                    • API String ID: 1305860026-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindowVisible.USER32 ref: 00E50136
                    • SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 00E50152
                    • GetWindowLongW.USER32(?,000000F0), ref: 00E50158
                    • GetDlgItem.USER32(?,?), ref: 00E501CA
                    • GetWindowRect.USER32(00000000,?), ref: 00E501E2
                    • MapWindowPoints.USER32(00000000,?,00000002,00000002), ref: 00E501F3
                    • SetWindowPos.USER32(00000014,00000000,?,00000002,00000002,?,00000014,?,00000002,00000002,?,?,?,000000F0,?,00000000), ref: 00E5026F
                    • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00E502A3
                    • RedrawWindow.USER32(?,00000000,00000000,00000185), ref: 00E502B0
                    Similarity
                    • API ID: Window$MessageSend$ItemLongPointsRectRedrawVisible
                    • String ID:
                    • API String ID: 3196996609-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(00F0716D,?), ref: 00DE45A3
                    • GetClientRect.USER32(00F0716D,?), ref: 00DE45B9
                    • ClientToScreen.USER32(00F0716D,?), ref: 00DE45CE
                    • ClientToScreen.USER32(00F0716D,?), ref: 00DE45DA
                    • SetWindowPos.USER32(00F0716D,00000000,00000000,00000000,00000001,?,00000016), ref: 00DE465B
                    • SetWindowPos.USER32(00F0716D,00000000,00000000,00000000,00000000,00000000,00000237), ref: 00DE4698
                    Strings
                    Similarity
                    • API ID: ClientWindow$RectScreen
                    • String ID: AI_CF_TITLE_TEXT_STYLE
                    • API String ID: 971099211-878329017
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E0CECA
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E0CF01
                    • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00E0CF68
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00E0CFA1
                    • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00E0CFB3
                    Strings
                    Similarity
                    • API ID: Window$MessageSend$AllocateHeapLongRedraw
                    • String ID: 4$ComboBox
                    • API String ID: 3081057505-2082171053
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShellExecuteExW.SHELL32(0000003C), ref: 00E74956
                    • GetLastError.KERNEL32 ref: 00E74967
                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00E74983
                    • GetExitCodeProcess.KERNEL32(00000000,00F22667), ref: 00E74994
                    • CloseHandle.KERNEL32(00000000), ref: 00E749A2
                    Strings
                    Similarity
                    • API ID: CloseCodeErrorExecuteExitHandleLastObjectProcessShellSingleWait
                    • String ID: <$open
                    • API String ID: 1481985272-1930408713
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SysAllocString.OLEAUT32(?), ref: 00E123C7
                    • SendMessageW.USER32(00000000), ref: 00E123F5
                    • VariantClear.OLEAUT32(?), ref: 00E12406
                    • SysAllocString.OLEAUT32(?), ref: 00E12485
                    • SendMessageW.USER32(00000000,?,?), ref: 00E124B7
                    • VariantClear.OLEAUT32(?), ref: 00E124C5
                    Strings
                    Similarity
                    • API ID: AllocClearMessageSendStringVariant
                    • String ID: MsiPropertyChanged
                    • API String ID: 3418202047-1228265352
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E1FC10: EnterCriticalSection.KERNEL32(00F9D5C4), ref: 00E1FC58
                      • Part of subcall function 00E1FC10: LoadLibraryW.KERNEL32(uxtheme.dll), ref: 00E1FC70
                      • Part of subcall function 00E1FC10: FreeLibrary.KERNEL32(00000000), ref: 00E1FC88
                      • Part of subcall function 00E1FC10: LeaveCriticalSection.KERNEL32(00F9D5C4), ref: 00E1FC8F
                    • GetWindowDC.USER32(?,?,?,?,?,?,?,?,?,?,00E1E569,?,?), ref: 00E1E90A
                    • GetWindowRect.USER32(?,?), ref: 00E1E922
                    • ExcludeClipRect.GDI32(00000000,?,?,?,?), ref: 00E1E97A
                    • IsWindowEnabled.USER32(?), ref: 00E1E9A1
                    • GetFocus.USER32 ref: 00E1E9B2
                    • ReleaseDC.USER32(?,00000000), ref: 00E1E9E6
                    Strings
                    Similarity
                    • API ID: Window$CriticalLibraryRectSection$ClipEnabledEnterExcludeFocusFreeLeaveLoadRelease
                    • String ID: edit
                    • API String ID: 531025606-2167791130
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(Advapi32.dll,604EB446,Function_0012B08E,00000000,?,Function_0014E430,000000FF,?,00E384FD,?,?,?,?,604EB446), ref: 00E38589
                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00E38599
                    • GetModuleHandleW.KERNEL32(Advapi32.dll,604EB446,Function_0012B08E,00000000,?,Function_0014E430,000000FF,?,00E384FD,?,?,?,?,604EB446), ref: 00E385F9
                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E38609
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                    • API String ID: 1646373207-1053001802
                    • Opcode ID: 63cb52ae95ed435b19d2f42fdf89053ca42c57fc3760f758966d5ed6452af4ff
                    • Instruction ID: 4770895ef62b43c133765e38bee0f195d9e72e7f6d695678a2f6da62f35622a2
                    • Opcode Fuzzy Hash: 63cb52ae95ed435b19d2f42fdf89053ca42c57fc3760f758966d5ed6452af4ff
                    • Instruction Fuzzy Hash: C831C672648308EFDB219F44ED05B96BFE5EB44B10F10416BFD05E2690DB75A410EF95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00E08AE3
                    • GetSystemMetrics.USER32(00000003), ref: 00E08B05
                    • GetSystemMetrics.USER32(00000002), ref: 00E08B0D
                    • GetClientRect.USER32(00000000,?), ref: 00E08BD3
                    • ShowWindow.USER32(?,00000000), ref: 00E08C31
                    • ShowWindow.USER32(?,00000000), ref: 00E08C47
                    • ShowWindow.USER32(?,00000000), ref: 00E08CF1
                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00E08D03
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Show$ClientMetricsRectSystem$Redraw
                    • String ID:
                    • API String ID: 2470963444-0
                    • Opcode ID: 10c1f533cfef82377e29a3e662f6fd56045978379e603ed62059718805fbe45d
                    • Instruction ID: 6c30ae456638bd938b5d1f4f8321165fb488d3a98ae56e7920e27778ede7679c
                    • Opcode Fuzzy Hash: 10c1f533cfef82377e29a3e662f6fd56045978379e603ed62059718805fbe45d
                    • Instruction Fuzzy Hash: A0711671618745AFE704CF68CD85B2ABBE5FF88714F004A1EF584D2290DBB1E894DB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DC8BAA
                    • GetWindow.USER32(?,00000005), ref: 00DC8BB7
                    • GetWindow.USER32(00000000,00000002), ref: 00DC8CF2
                      • Part of subcall function 00DC8A00: GetWindowRect.USER32(?,?), ref: 00DC8A2C
                      • Part of subcall function 00DC8A00: GetWindowRect.USER32(?,?), ref: 00DC8A3C
                    • GetWindowRect.USER32(?,?), ref: 00DC8C4B
                    • GetWindowRect.USER32(00000000,?), ref: 00DC8C5B
                    • GetWindowRect.USER32(00000000,?), ref: 00DC8C75
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Rect
                    • String ID:
                    • API String ID: 3200805268-0
                    • Opcode ID: c1975a1a7d7f84ab589b261bfd10eb2ff9d96ae1738f9cdd2573313039fd7ed0
                    • Instruction ID: 0bc92725ead9ff4a80ef2583e7ebbb64d7a51870980bfb0ee6ed56acfcd3a564
                    • Opcode Fuzzy Hash: c1975a1a7d7f84ab589b261bfd10eb2ff9d96ae1738f9cdd2573313039fd7ed0
                    • Instruction Fuzzy Hash: 2C418B315047429FC321DB29CA80E6BF7E9BF96704F544A1EF48693561EB30E988DB72
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowDC.USER32(?,604EB446,?,00000000,?,?,?,?,?,00000000,00F0E405,000000FF,?,00E09DA2), ref: 00E0A0DF
                    • GetWindowRect.USER32(?,?), ref: 00E0A0FE
                    • IsWindowEnabled.USER32(?), ref: 00E0A10D
                    • SelectObject.GDI32(00000000,00000000), ref: 00E0A16B
                    • ExcludeClipRect.GDI32(?,?,?,?,?), ref: 00E0A195
                    • SelectObject.GDI32(?,?), ref: 00E0A1AF
                    • DeleteObject.GDI32(00000000), ref: 00E0A1BE
                    • DeleteDC.GDI32(?), ref: 00E0A1E1
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ObjectWindow$DeleteRectSelect$ClipEnabledExclude
                    • String ID:
                    • API String ID: 3871716574-0
                    • Opcode ID: 5d70f4110859f94f5105958cbc8c1904383e2ae42c24280a25c4041f790ee0d7
                    • Instruction ID: a6c5b82ce9d385c9ca1e5c89d826e947814583334457e02bf570c456d9b419dd
                    • Opcode Fuzzy Hash: 5d70f4110859f94f5105958cbc8c1904383e2ae42c24280a25c4041f790ee0d7
                    • Instruction Fuzzy Hash: 82414C71A00219AFDB14DFA9DD48BAEBBB9FF88711F10422AF905B7290C7755D01DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowDC.USER32(?,604EB446,?,00000000,?,?,?,?,?,?,?,00000000,00F02995,000000FF,?,00E1C30C), ref: 00E1C782
                    • GetWindowRect.USER32(?,?), ref: 00E1C7A1
                    • IsWindowEnabled.USER32(?), ref: 00E1C7B0
                    • SelectObject.GDI32(00000000,00000000), ref: 00E1C80E
                    • ExcludeClipRect.GDI32(?,?,?,?,?), ref: 00E1C838
                    • SelectObject.GDI32(?,?), ref: 00E1C852
                    • DeleteObject.GDI32(00000000), ref: 00E1C861
                    • DeleteDC.GDI32(?), ref: 00E1C884
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ObjectWindow$DeleteRectSelect$ClipEnabledExclude
                    • String ID:
                    • API String ID: 3871716574-0
                    • Opcode ID: a876d81bc76e22d9a22ab0c156c9271e6a9b8af1a99e8dbc16281531809024a3
                    • Instruction ID: 2de22d0efc76eb61a9bccabd686b4b99f0f76d4a6bf0a80d8993adf2b03617e1
                    • Opcode Fuzzy Hash: a876d81bc76e22d9a22ab0c156c9271e6a9b8af1a99e8dbc16281531809024a3
                    • Instruction Fuzzy Hash: BE414E71A00219AFDB14DFA5DD88BEEBBB9FB88711F10422AE905A7290C7755D40DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(?), ref: 00E2B3B2
                    • GetClientRect.USER32(00000001,?), ref: 00E2B3D8
                    • SelectObject.GDI32(00000000,?), ref: 00E2B3E5
                    • DrawTextW.USER32(?,00F4C084,000000FF,?,?), ref: 00E2B413
                    • SelectObject.GDI32(?,?), ref: 00E2B41E
                    • DrawTextW.USER32(?,00F4C084,000000FF,?,?), ref: 00E2B43D
                    • SelectObject.GDI32(?,00000000), ref: 00E2B444
                    • ReleaseDC.USER32(?,?), ref: 00E2B46D
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ObjectSelect$DrawText$ClientRectRelease
                    • String ID:
                    • API String ID: 4188160070-0
                    • Opcode ID: 8fca03cff0f3499fb09e188e264bf451403285b56d224029069edac0601997ff
                    • Instruction ID: fadf294487af5d9029e0b58ca39d5a62bd55aa75467dacb9f9300f8422521aab
                    • Opcode Fuzzy Hash: 8fca03cff0f3499fb09e188e264bf451403285b56d224029069edac0601997ff
                    • Instruction Fuzzy Hash: F1416B72C0425CEFDB10DFA9DA44A9DBBF8FF08324F15426AE815B72A1D770A941DB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00DD4680
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave$ConditionMessageSendVariableWake
                    • String ID: AiFeatIco
                    • API String ID: 2075478304-859831556
                    • Opcode ID: 1f87670ef81471174dca9fca86e082c0eeb0156eb933d351fed9747bce373b91
                    • Instruction ID: 5d2c2af22655bd76f62aa51418b90df7c425eeb9e680d3c8df28b0633213a947
                    • Opcode Fuzzy Hash: 1f87670ef81471174dca9fca86e082c0eeb0156eb933d351fed9747bce373b91
                    • Instruction Fuzzy Hash: BE128D71900249DFDF14DF68C985BED7BB5FF58304F28416AE805AB392DB70AA04DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000), ref: 00E56B98
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CopyFileHeapProcess
                    • String ID: AI_PRODUCTNAME_ARP$ProductName$\\?\$instname-custom.mst$instname-target.msi
                    • API String ID: 3317225124-2776905159
                    • Opcode ID: ab917bc2897a7b938e3db373dcfd804033a8f8a8d39734aca01aa4dca2d95fcb
                    • Instruction ID: faa3c9e1c18b9e9df0d49989b424f866e17cb34edf52ec924b8ff47f94485f5a
                    • Opcode Fuzzy Hash: ab917bc2897a7b938e3db373dcfd804033a8f8a8d39734aca01aa4dca2d95fcb
                    • Instruction Fuzzy Hash: BCE19F30A016499FDB00DFA9C845B9EFBF4EF45315F148669E815EB292EB34DD08CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(00F9D5C4,604EB446,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00F00965), ref: 00DC454A
                    • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00F00965), ref: 00DC45CA
                    • EnterCriticalSection.KERNEL32(00F9D5E0,?,?,?,?,?,?,?,?,?,?,?,00000000,00F00965,000000FF), ref: 00DC4783
                    • LeaveCriticalSection.KERNEL32(00F9D5E0,?,?,?,?,?,?,?,?,?,?,00000000,00F00965,000000FF), ref: 00DC47A4
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$Enter$FileLeaveModuleName
                    • String ID: @v
                    • API String ID: 1807155316-311380672
                    • Opcode ID: ee2ff45e7442c201f645c36f828b310ceb25563b72793e0ba5b3ee165a399e74
                    • Instruction ID: 9b39f7fa9ec08bb4947e1854d75cabcbd0630a75f7a878a385c01045630cae53
                    • Opcode Fuzzy Hash: ee2ff45e7442c201f645c36f828b310ceb25563b72793e0ba5b3ee165a399e74
                    • Instruction Fuzzy Hash: CCB17E7490434ADFDB11DFA8C898FAEBBB4BF49314F28405DE804AB291C775AD44DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00E14B11
                    • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00E14DB8
                    • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00E14DFB
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: AiIndirectListProperty$ListBox$`Property` = '
                    • API String ID: 3850602802-3253846292
                    • Opcode ID: 2e4112d63011065cf4aba4808568c577edc7293fdbbc3e91518cd0658793e584
                    • Instruction ID: a18a1cf57d3cf94892e992a3a3daee00b10b4c8a6481a1c9be55723275012a1e
                    • Opcode Fuzzy Hash: 2e4112d63011065cf4aba4808568c577edc7293fdbbc3e91518cd0658793e584
                    • Instruction Fuzzy Hash: CBC13871A00288DFDF04DF64C884BDD7BB5FF59308F148169E805AB292DB75EA48DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00001202,00000000,00000000), ref: 00E02C80
                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 00E02CBF
                    • SendMessageW.USER32(00000000,00001202,00000000,00000000), ref: 00E02CD3
                    • SendMessageW.USER32(?,0000120A,00000000,00000007), ref: 00E02E68
                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 00E02E7A
                    • GetSystemMetrics.USER32(00000002), ref: 00E02E8D
                    • SendMessageW.USER32(00000000,0000120A,00000000,00000007), ref: 00E02EAD
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$MetricsSystem
                    • String ID:
                    • API String ID: 3542082049-0
                    • Opcode ID: 3cf1fbfc61cae8d284d6d37f7463ac76fed4b04851a69754006caab9e16854fd
                    • Instruction ID: 969d48cdda8b6907494c29f1aba70047179e04afc9e2a0954e9e1af6343208f6
                    • Opcode Fuzzy Hash: 3cf1fbfc61cae8d284d6d37f7463ac76fed4b04851a69754006caab9e16854fd
                    • Instruction Fuzzy Hash: 7BA16E71A00209EFDB14DFA8CD85BEDFBB5FF44304F104269E516AB291EB70A985CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,604EB446), ref: 00DC6583
                    • GetLastError.KERNEL32 ref: 00DC65AC
                    • RegCloseKey.ADVAPI32(?,00000000,00000000,?,Function_00192988,00000000,00000000,80000001,00000000,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00DC6701
                      • Part of subcall function 00DB8250: CloseHandle.KERNEL32(?,604EB446,000000FF,00000000,00EFDF30,000000FF,00000000,?,000000FF,?,000000FF,00DC9DE5,BoostrapperProgressImpl,00000017,604EB446,?), ref: 00DB8393
                    • RegCloseKey.ADVAPI32(?,00000000,00000000,?,Function_00192988,00000000,Function_00192988,00000000,00000000,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00DC684E
                    Strings
                    • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00DC65F2, 00DC673E
                    • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00DC6578
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Close$CreateErrorEventHandleLast
                    • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                    • API String ID: 1253123496-2079760225
                    • Opcode ID: eab26b3d17c0d82f097682becc30e8f9c46a0ee3a5fc94b1758453a48a0dd719
                    • Instruction ID: 944831aa47baf547a166a199c5315ae7c000f4b8d6efb279f80406041d8b6029
                    • Opcode Fuzzy Hash: eab26b3d17c0d82f097682becc30e8f9c46a0ee3a5fc94b1758453a48a0dd719
                    • Instruction Fuzzy Hash: 0EB14C70D01249EEDB10DFA4C945BDEFBF4AF14308F248199E455B7281EBB4AA48DBB1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(00000000), ref: 00E20383
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E2038F
                    • GetDC.USER32(00000000), ref: 00E203D0
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E203DC
                    • SendMessageW.USER32(?,00001109,00000000,?), ref: 00E2053C
                    • DeleteObject.GDI32(00000000), ref: 00E20578
                    • DeleteObject.GDI32(00000000), ref: 00E205A1
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CapsDeleteDeviceObject$MessageSend
                    • String ID:
                    • API String ID: 1040456183-0
                    • Opcode ID: 4cfe0c56c361016ac3913bb50ed3f82beb40447cceccbb8705ca5b92c11c89be
                    • Instruction ID: fe76883a2b5dea94e5633d9808ce3a9e3ba34cdcfb693ec4d1169488c7b65e3e
                    • Opcode Fuzzy Hash: 4cfe0c56c361016ac3913bb50ed3f82beb40447cceccbb8705ca5b92c11c89be
                    • Instruction Fuzzy Hash: 85917A70D00749EFDB01CFA8E948B9DBBF5BF59304F14825AE505B72A1E7B49A40DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteObject.GDI32(?), ref: 00E112F4
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DC9A20: GetWindowTextLengthW.USER32(?), ref: 00DC9A27
                      • Part of subcall function 00DC9A20: GetWindowTextW.USER32(?,?,00000001), ref: 00DC9A59
                    • IsWindowEnabled.USER32(00000001), ref: 00E1113D
                    • GetFocus.USER32 ref: 00E11154
                    • GetClientRect.USER32(?,?), ref: 00E1117C
                    • ValidateRect.USER32(00000001,?), ref: 00E11189
                    • GetDC.USER32(00000001), ref: 00E11196
                      • Part of subcall function 00E48D90: SelectObject.GDI32(?,?), ref: 00E48DF3
                      • Part of subcall function 00E48D90: SetTextColor.GDI32(?,?), ref: 00E48E3F
                      • Part of subcall function 00E48D90: DrawTextW.USER32(?,?,?,?,00000024), ref: 00E48E5D
                      • Part of subcall function 00E48D90: SelectObject.GDI32(?,?), ref: 00E48E69
                    • CallWindowProcW.USER32(?,00000001,00000001,?,00000000), ref: 00E111C5
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: TextWindow$Object$RectSelect$CallClientColorDeleteDrawEnabledFocusHeapLengthProcProcessValidate
                    • String ID:
                    • API String ID: 2138470050-0
                    • Opcode ID: bba760c56bc15fd81054a40658be833c7002106b61a7acb30f333f59793369ba
                    • Instruction ID: 48354b0c89474575a9832e6304a2cc6b13cc0862cb5d69aca9be74034a7a51f0
                    • Opcode Fuzzy Hash: bba760c56bc15fd81054a40658be833c7002106b61a7acb30f333f59793369ba
                    • Instruction Fuzzy Hash: 12818C71A05208EFCB10DFA8D944BDEBBF5FF08314F14816AE915AB2A1D7749944DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?), ref: 00DC63D3
                    • CloseHandle.KERNEL32(00000000), ref: 00DC6422
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 00DC6486
                    • CloseHandle.KERNEL32(00000000,?), ref: 00DC64AC
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateVariableWakeWrite
                    • String ID: aix$html
                    • API String ID: 2883614012-2369804267
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(?), ref: 00DC4D31
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DC4D40
                    • ReleaseDC.USER32(00000000), ref: 00DC4D87
                    Similarity
                    • API ID: CapsDeviceRelease
                    • String ID:
                    • API String ID: 127614599-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: DeleteFile
                    • String ID: TEST$http://www.example.com$http://www.google.com$http://www.yahoo.com$tin9999.tmp
                    • API String ID: 4033686569-625802988
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00E1FC10: EnterCriticalSection.KERNEL32(00F9D5C4), ref: 00E1FC58
                      • Part of subcall function 00E1FC10: LoadLibraryW.KERNEL32(uxtheme.dll), ref: 00E1FC70
                      • Part of subcall function 00E1FC10: FreeLibrary.KERNEL32(00000000), ref: 00E1FC88
                      • Part of subcall function 00E1FC10: LeaveCriticalSection.KERNEL32(00F9D5C4), ref: 00E1FC8F
                    • GetParent.USER32(?), ref: 00E1EAD5
                    • GetDC.USER32(00000000), ref: 00E1EADF
                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00E1EB07
                    • GetParent.USER32(?), ref: 00E1EB4D
                    • ReleaseDC.USER32(00000000,00000000), ref: 00E1EB5A
                    Strings
                    Similarity
                    • API ID: CriticalLibraryParentSection$EnterFreeInflateLeaveLoadRectRelease
                    • String ID: edit
                    • API String ID: 3788016911-2167791130
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00EDB2D4,00EDB23A,00EDB4D8), ref: 00EDB273
                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00EDB289
                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00EDB29E
                    Strings
                    Similarity
                    • API ID: AddressProc$HandleModule
                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                    • API String ID: 667068680-1718035505
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                    • LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                    • RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    • SetEvent.KERNEL32(?,00F9D45C,00F35CF0), ref: 00EDE2AE
                    • ResetEvent.KERNEL32(?,00F9D45C,00F35CF0), ref: 00EDE2BA
                    Strings
                    Similarity
                    • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                    • String ID: @v
                    • API String ID: 3916383385-311380672
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00E00866
                    • SendMessageW.USER32(?,000000F1,-00000001,00000000), ref: 00E0087C
                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00E00883
                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00E00899
                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00E008DB
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • GetLogicalDriveStringsW.KERNEL32(00000064,?), ref: 00E710D6
                    • GetDriveTypeW.KERNEL32(?), ref: 00E710EA
                    • Wow64DisableWow64FsRedirection.KERNEL32(00000000,00000000), ref: 00E712C2
                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000,00000000), ref: 00E71344
                    Strings
                    Similarity
                    • API ID: Wow64$DriveRedirection$DisableHeapLogicalProcessRevertStringsType
                    • String ID: ]%!
                    • API String ID: 4157823300-1069524040
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00E2D4FE
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                      • Part of subcall function 00DC9A20: GetWindowTextLengthW.USER32(?), ref: 00DC9A27
                      • Part of subcall function 00DC9A20: GetWindowTextW.USER32(?,?,00000001), ref: 00DC9A59
                    • IsWindowEnabled.USER32(?), ref: 00E2D534
                    • GetFocus.USER32 ref: 00E2D544
                    • ValidateRect.USER32(?,?), ref: 00E2D567
                    • GetDC.USER32(?), ref: 00E2D574
                      • Part of subcall function 00E48D90: SelectObject.GDI32(?,?), ref: 00E48DF3
                      • Part of subcall function 00E48D90: SetTextColor.GDI32(?,?), ref: 00E48E3F
                      • Part of subcall function 00E48D90: DrawTextW.USER32(?,?,?,?,00000024), ref: 00E48E5D
                      • Part of subcall function 00E48D90: SelectObject.GDI32(?,?), ref: 00E48E69
                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 00E2D5A3
                    Similarity
                    • API ID: TextWindow$ObjectRectSelect$CallClientColorDrawEnabledFocusHeapLengthProcProcessValidate
                    • String ID:
                    • API String ID: 1523885995-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,00000001), ref: 00E14091
                    • VerSetConditionMask.KERNEL32(00000000), ref: 00E14095
                    • VerSetConditionMask.KERNEL32(00000000), ref: 00E14099
                    • VerifyVersionInfoW.KERNEL32(?), ref: 00E140BE
                    • GetParent.USER32(?), ref: 00E140E2
                    • SendMessageW.USER32(?,00000432,00000000,?), ref: 00E14138
                    Similarity
                    • API ID: ConditionMask$InfoMessageParentSendVerifyVersion
                    • String ID:
                    • API String ID: 2374517313-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E34ECD
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E34EF2
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E34F17
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E34F3C
                    • CloseHandle.KERNEL32(?,604EB446,?,00000000), ref: 00E34F61
                    • DeleteCriticalSection.KERNEL32(?,604EB446,?,00000000), ref: 00E34FAB
                    Similarity
                    • API ID: CloseHandle$CriticalDeleteSection
                    • String ID:
                    • API String ID: 2166061224-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E10AC3
                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00E10AD0
                    • GetDlgCtrlID.USER32(00000000), ref: 00E10AD7
                    • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 00E10AEF
                    • SetFocus.USER32(00000000), ref: 00E10B0B
                    Similarity
                    • API ID: LongWindow$CtrlFocusMessageSend
                    • String ID:
                    • API String ID: 243695104-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E10B52
                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00E10B69
                    • RedrawWindow.USER32(00000000,00000000,00000000,00000101), ref: 00E10B79
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E10B8B
                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00E10B98
                    • RedrawWindow.USER32(00000000,00000000,00000000,00000101), ref: 00E10BA8
                    Similarity
                    • API ID: Window$Long$Redraw
                    • String ID:
                    • API String ID: 533842358-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetShortPathNameW.KERNEL32(604EB446,00000000,00000000), ref: 00E5A43F
                    • GetShortPathNameW.KERNEL32(?,?,?), ref: 00E5A4AD
                    Strings
                    Similarity
                    • API ID: NamePathShort
                    • String ID: neutral$x64$x86
                    • API String ID: 1295925010-1541741584
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(00000000,00000080,00000001,Close,50000001,?,00000128,?,00000032,0000000E,00000082,000001F5,?,50000000,?,00000026), ref: 00E505B8
                    Strings
                    Similarity
                    • API ID: HandleModule
                    • String ID: Close$Copy$Details >>$Send Error Report
                    • API String ID: 4139908857-113472931
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetActiveWindow.USER32 ref: 00E7CA5E
                    • GetForegroundWindow.USER32 ref: 00E7CA6E
                    • SetForegroundWindow.USER32(00000000), ref: 00E7CAAA
                    Strings
                    Similarity
                    • API ID: Window$Foreground$Active
                    • String ID: User accepted to install a newer version.$User refused to install a newer version.
                    • API String ID: 503270652-4113633398
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                    • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 00E4E434
                    • GetProcAddress.KERNEL32(00000000), ref: 00E4E43B
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00E4E4EC
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave$AddressConditionFileLibraryLoadModuleNameProcVariableWake
                    • String ID: Dbghelp.dll$SymFromAddr
                    • API String ID: 3219134937-642441706
                    • Opcode ID: 9877ef2de38c8e52b5ba63279137c851e59643fdb881e461c3d586fdafb11c45
                    • Instruction ID: 0ce91b3b0969393ffd3ed4bd544df393e39e90aad8e4ceeb4c2f36a8b4e02498
                    • Opcode Fuzzy Hash: 9877ef2de38c8e52b5ba63279137c851e59643fdb881e461c3d586fdafb11c45
                    • Instruction Fuzzy Hash: D571AAB1900218CFDB28DF24DC45BEDB7B4FB19318F1082D9E619A62D1E7749A84CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00E32C85
                    • SendMessageW.USER32(00000000,0000120C,00000004,00000004), ref: 00E32CE8
                    • SendMessageW.USER32(00000000,0000120C,?,00000024), ref: 00E32D3F
                    • SendMessageW.USER32(00000000,00001051,?,00E32D70), ref: 00E32D50
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: $
                    • API String ID: 3850602802-3993045852
                    • Opcode ID: 9f81b5384847df8af6c97adeae9db4612a7cbdbb66c50bd40b71703192663bd2
                    • Instruction ID: 5182335d161dd3820f373e57415f056a9660d34e9098951fe7f0764d29c5e44c
                    • Opcode Fuzzy Hash: 9f81b5384847df8af6c97adeae9db4612a7cbdbb66c50bd40b71703192663bd2
                    • Instruction Fuzzy Hash: 60317CB1204300ABD704CF15C885A6BBBE5FF88708F505A6DF699AB290D771D954CB86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID:
                    • String ID: APPDATA$AppDataFolder$PROGRAMFILES$ProgramFilesFolder
                    • API String ID: 0-3551742416
                    • Opcode ID: 9747eac06bc3874ce76621d66539f02474b2fb8097d57f128a3933dd7cf2a82e
                    • Instruction ID: 9a938f99fb3fe5a7171f06a1ed3fd9b170df61cca372d0cb2c86eacf5b9a5fdc
                    • Opcode Fuzzy Hash: 9747eac06bc3874ce76621d66539f02474b2fb8097d57f128a3933dd7cf2a82e
                    • Instruction Fuzzy Hash: 7B213832A402099BCB24DF68E844BB6B3E5FB547A4F60166AD911E7390DB31DD40C790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InitializeCriticalSection.KERNEL32(?,604EB446), ref: 00DCB3FA
                    • EnterCriticalSection.KERNEL32(?,604EB446), ref: 00DCB407
                    • SetTimer.USER32(00000000,00000001,0000000A,00000000), ref: 00DCB43D
                    • LeaveCriticalSection.KERNEL32(?), ref: 00DCB458
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterInitializeLeaveTimer
                    • String ID: @v
                    • API String ID: 3379552715-311380672
                    • Opcode ID: ca8de803bb181330b5042b53b7a93881004a2d9303b458cdf4fb500bf5dbe46d
                    • Instruction ID: 6b2204bfb1840739de56451dde8c280b38ac7c39f37f5d9043406efd6cc32769
                    • Opcode Fuzzy Hash: ca8de803bb181330b5042b53b7a93881004a2d9303b458cdf4fb500bf5dbe46d
                    • Instruction Fuzzy Hash: 9521B1729082899FDF11DF64C841BE9BBB4EB16338F1401AAE855AB292C7329905DB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcAddress.KERNEL32(SetWindowTheme), ref: 00E2C40D
                    • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 00E2C44F
                      • Part of subcall function 00EDE23A: EnterCriticalSection.KERNEL32(00F9C82C,?,?,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE245
                      • Part of subcall function 00EDE23A: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE282
                      • Part of subcall function 00E07D10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00E07D51
                      • Part of subcall function 00EDE1F0: EnterCriticalSection.KERNEL32(00F9C82C,?,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE1FA
                      • Part of subcall function 00EDE1F0: LeaveCriticalSection.KERNEL32(00F9C82C,?,00DB9DF7,00F9D45C,00F35CF0), ref: 00EDE22D
                      • Part of subcall function 00EDE1F0: RtlWakeAllConditionVariable.NTDLL ref: 00EDE2A4
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                    • String ID: SetWindowTheme$UxTheme.dll$explorer
                    • API String ID: 1566958886-3123591815
                    • Opcode ID: 2011287586c979c2d74098952ef1502f6080ab8b5fc5a179904d9d6d9ed2ab5f
                    • Instruction ID: 659798cd45676ed8e9442013939b1e83daae423052f813adb9d53a6ffc1260a8
                    • Opcode Fuzzy Hash: 2011287586c979c2d74098952ef1502f6080ab8b5fc5a179904d9d6d9ed2ab5f
                    • Instruction Fuzzy Hash: D621E4B1A4474AABD710EF18ED06B5D77A0EB05724F204326F830A77E1C7B4A950AF56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InitializeCriticalSection.KERNEL32(?,604EB446), ref: 00DCB4EA
                    • EnterCriticalSection.KERNEL32(?,604EB446), ref: 00DCB4F7
                    • SetTimer.USER32(00000000,00000001,0000000A,00000000), ref: 00DCB527
                    • LeaveCriticalSection.KERNEL32(?), ref: 00DCB53E
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterInitializeLeaveTimer
                    • String ID: @v
                    • API String ID: 3379552715-311380672
                    • Opcode ID: 714a24cac6b7f1fef7b686102faef85451eb50c9c5306ec3ccf3e632c6608e9b
                    • Instruction ID: a646adaac527e7bb9c32e8e66d302d7f6414724e5c324e04585ce11d54245290
                    • Opcode Fuzzy Hash: 714a24cac6b7f1fef7b686102faef85451eb50c9c5306ec3ccf3e632c6608e9b
                    • Instruction Fuzzy Hash: A821E0729043499FDF11DF64CC41BA9BBB4FF15328F1005AAEC55AB292C7319904DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00EE246D,?,?,00000000,?,?,00EE251F,00000002,FlsGetValue,00F39008,00F39010), ref: 00EE243C
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: FreeLibrary
                    • String ID: api-ms-
                    • API String ID: 3664257935-2084034818
                    • Opcode ID: 4b646164a826bba4c5b4a4f82aab18e3495dc181f397a51d211dcbe54b17cf32
                    • Instruction ID: 4077a550a28b561b17d640e0d672f2ddac5eb82da2697a2dbdbace92a3ce5a3a
                    • Opcode Fuzzy Hash: 4b646164a826bba4c5b4a4f82aab18e3495dc181f397a51d211dcbe54b17cf32
                    • Instruction Fuzzy Hash: 8511CE72A0476DABDB22AF6A9C00B5E3399AF01774F211125FB21BB2C0D760ED0096E1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetParent.USER32(00000015), ref: 00E1C5B9
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Parent
                    • String ID: @d$C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception$d
                    • API String ID: 975332729-2251371312
                    • Opcode ID: f9eb61fd833a925570e96148ac8261d94f8be768b2b15e56d409df1902319e36
                    • Instruction ID: 5b7c71d57e85cb510da01b90ea9354eefb2de7ae3a11a3e01c6dd524e603d77b
                    • Opcode Fuzzy Hash: f9eb61fd833a925570e96148ac8261d94f8be768b2b15e56d409df1902319e36
                    • Instruction Fuzzy Hash: 9F210530D0528CDADB00DFE4D9587DDFFB0AF55308F208158D4057B296EBB96A48EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveWindow
                    • String ID: @d$C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception$d
                    • API String ID: 2558294473-1724073013
                    • Opcode ID: d6e043ebfe47b0c8a8a02dba16668f5129db8056f79bf663e93670b229d7fe1f
                    • Instruction ID: 85fc08172d50007f6b9cbffe406305614fda446138c5e5f04de8d4c0aa01a568
                    • Opcode Fuzzy Hash: d6e043ebfe47b0c8a8a02dba16668f5129db8056f79bf663e93670b229d7fe1f
                    • Instruction Fuzzy Hash: 4C213530C0528CDADB01DFE4D8587DDFFB4AF55308F508158E4057B296EBB45A08EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveWindow
                    • String ID: @d$C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception$d
                    • API String ID: 2558294473-1724073013
                    • Opcode ID: fd3df87464c347c0153294a6048135135eb62dcafbbf4886dd00d14e198147d4
                    • Instruction ID: e6b39a35616c117b008b4be610e61470c6aa1e2470a39a1876a1748beb1be95b
                    • Opcode Fuzzy Hash: fd3df87464c347c0153294a6048135135eb62dcafbbf4886dd00d14e198147d4
                    • Instruction Fuzzy Hash: 74213430C0528CDADB11DFE4D8587CEFBB4AF59308F208158E4157B292EFB45A08EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetParent.USER32(00000005), ref: 00E1C3FF
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Parent
                    • String ID: 0Z$@d$C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h$d
                    • API String ID: 975332729-1201602748
                    • Opcode ID: cf103d997434f941bafe6168b38e31cd8d3edad7a4118d53eb61891f2315a26a
                    • Instruction ID: 4644b1631082bf8bdcab9892f505b56e62857c9d74d3580392a50f5bd992fd0d
                    • Opcode Fuzzy Hash: cf103d997434f941bafe6168b38e31cd8d3edad7a4118d53eb61891f2315a26a
                    • Instruction Fuzzy Hash: 53210774D01288DFDB00DFE4D9587CEBFB0AF55308F208098D405BB296DBB96A49DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetParent.USER32(0000000D), ref: 00E1C4D1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Parent
                    • String ID: 0Z$@d$C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h$d
                    • API String ID: 975332729-1201602748
                    • Opcode ID: ab80b4252302f5b4d7019ae3ec91275857fe3b61439d1a73193c8ebeb4e9380f
                    • Instruction ID: 764ab00829d65a061fd6e90bdd07642f082e1c55e86958d0d94c36d0d223f1c1
                    • Opcode Fuzzy Hash: ab80b4252302f5b4d7019ae3ec91275857fe3b61439d1a73193c8ebeb4e9380f
                    • Instruction Fuzzy Hash: 8B212470D01288DFDB04DFE4D9587CDBFB1AF55308F208098D405BB296DBB96A49EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveWindow
                    • String ID: 0Z$@d$C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                    • API String ID: 2558294473-2075097303
                    • Opcode ID: 37e239a1c6eff93a758445e0a85a9ba9b0f8b194da34c10c7a36d7a5d701ab1f
                    • Instruction ID: 4d2e2f9d30d5a69f53e3a45b4826804810e346397cdc5c08193ec1f11f70fdd3
                    • Opcode Fuzzy Hash: 37e239a1c6eff93a758445e0a85a9ba9b0f8b194da34c10c7a36d7a5d701ab1f
                    • Instruction Fuzzy Hash: 2F21F470D05298DEDB04DFE4E8587DEBFB0BF55308F108098E405AB296DBB55A08DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveWindow
                    • String ID: 0Z$@d$C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                    • API String ID: 2558294473-2075097303
                    • Opcode ID: dbd66ae83f8c82a0eba768f7a92a0fc2279f83418a2f1d0af36eefe512809456
                    • Instruction ID: 0b94dea6002f9ec77762f91afbd392c5dff4e677fec4c1e38fb3ade85d97bdd1
                    • Opcode Fuzzy Hash: dbd66ae83f8c82a0eba768f7a92a0fc2279f83418a2f1d0af36eefe512809456
                    • Instruction Fuzzy Hash: 1421F470D05298EEDB00DFE4D8587CEBFB0BF55304F108098E405AB296EBB55A08DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveWindow
                    • String ID: 0Z$@d$C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                    • API String ID: 2558294473-2075097303
                    • Opcode ID: bd8915b8e8cf159c9c0ab8e5411888c291580ba7123adc3e6b93bb530e0b04a4
                    • Instruction ID: 43f6571a8b965c998d013a61fd08f358c97f6561aaaa5d290e33b3658b104c6e
                    • Opcode Fuzzy Hash: bd8915b8e8cf159c9c0ab8e5411888c291580ba7123adc3e6b93bb530e0b04a4
                    • Instruction Fuzzy Hash: CA211470D01288EADB15DFE4D8587CDBFB0BF54308F108058E405AB296EBB55A08EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ActiveWindow
                    • String ID: 0Z$@d$C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                    • API String ID: 2558294473-2075097303
                    • Opcode ID: 30c4898663b9c393e6809d690d52489947062c843fa56ae493a1cfc90eb13bae
                    • Instruction ID: e2151eed82200b9c0d09ce745ee853043102ce71916077850819cd25b0578722
                    • Opcode Fuzzy Hash: 30c4898663b9c393e6809d690d52489947062c843fa56ae493a1cfc90eb13bae
                    • Instruction Fuzzy Hash: 11212670D01298EEDB05DFE4D8587CEBFB0BF54308F108098E405BB296DBB55A08EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E2C5E5
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E2C5F5
                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00E2C602
                    • SendMessageW.USER32(00000000,0000040A,00000001,0000001E), ref: 00E2C612
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: LongWindow$MessageSend
                    • String ID: FASTOEM
                    • API String ID: 2178440468-3150587786
                    • Opcode ID: 8057771db20495996a938c60b8f3e1dcb686b93a60e5bab9b07827224d00dcfd
                    • Instruction ID: 06582f2d571b38cd36b8da285de55dc83e64faef3f458ed5f8645be9a5019009
                    • Opcode Fuzzy Hash: 8057771db20495996a938c60b8f3e1dcb686b93a60e5bab9b07827224d00dcfd
                    • Instruction Fuzzy Hash: 89F02871248134ABDA109B18EC08EDE3395AF26325F201605F915F73E1CBA1DC42D6F9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SleepConditionVariableCS.KERNELBASE(?,00EDE25F,00000064), ref: 00EDE2E5
                    • LeaveCriticalSection.KERNEL32(00F9C82C,?,?,00EDE25F,00000064,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE2EF
                    • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00EDE25F,00000064,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE300
                    • EnterCriticalSection.KERNEL32(00F9C82C,?,00EDE25F,00000064,?,00DB9D86,00F9D45C,604EB446,?,?,00EFE49D,000000FF,?,00E81EAC,604EB446), ref: 00EDE307
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                    • String ID: @v
                    • API String ID: 3269011525-311380672
                    • Opcode ID: e40405734e6914f555a2b406b89575fd4a5bf604b73fe2146b9b0591168b84c1
                    • Instruction ID: e7f19bd36a6bdbccea838f73aea53d44e1a88542fc7d1223869f45384d00a458
                    • Opcode Fuzzy Hash: e40405734e6914f555a2b406b89575fd4a5bf604b73fe2146b9b0591168b84c1
                    • Instruction Fuzzy Hash: 26E0487254522CBBDE213F95EC0C9EE3F6AEB48BB1B000062F90966270C7615841BFE5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00DCEC92
                    • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00DCED47
                    • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00DCEDE6
                    • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00DCEE91
                      • Part of subcall function 00DC2000: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00EDB848,C000008C,00000001,?,00EDB879,00000000,?,00DB9067,00000000,604EB446,000000FF,?), ref: 00DC200C
                    • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00DCEF17
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$ExceptionRaise
                    • String ID:
                    • API String ID: 1853712985-0
                    • Opcode ID: 8140f9f597128cfcd2ec5074c1d1496beedf547ee629883fa368d58b514a1885
                    • Instruction ID: 8609db4bab5d004e1e6840dbb646dc9f0bd472f500fb6161d8353d9b5c42ee61
                    • Opcode Fuzzy Hash: 8140f9f597128cfcd2ec5074c1d1496beedf547ee629883fa368d58b514a1885
                    • Instruction Fuzzy Hash: FCB106B1D1035DDBEB20CF54CD54BDABBB1BF48308F14929AE9186B280D7B65A84CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(00000001), ref: 00DCB089
                    • GetParent.USER32(00000001), ref: 00DCB0B2
                    • SendMessageW.USER32(00000000,00000138,?,00000001), ref: 00DCB0C2
                    • FillRect.USER32(?,?,00000000), ref: 00DCB0CD
                    • ReleaseDC.USER32(00000001,00000000), ref: 00DCB2A2
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: FillMessageParentRectReleaseSend
                    • String ID:
                    • API String ID: 2215362955-0
                    • Opcode ID: b4673b19d598031210088c3ca9156c8a3a7324aed9010c30a9d1761d28aed376
                    • Instruction ID: 74b916f4fabdb2eb2b8f8cd9be9e76cae0d9b7a7d8949c009c80a6a5df040e2c
                    • Opcode Fuzzy Hash: b4673b19d598031210088c3ca9156c8a3a7324aed9010c30a9d1761d28aed376
                    • Instruction Fuzzy Hash: CA912471A007099FDB218FA5CD05BAEBBF9FF48710F18452AE956E7260D731E805DB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00E2721E
                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 00E2730E
                    • SendMessageW.USER32(?,00001003,00000001,?), ref: 00E2735A
                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00E273BB
                    • SendMessageW.USER32(00000000,00001208,00000000,00000000), ref: 00E273CE
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    • Opcode ID: 6b37430b6cf166f7aaec20015bc567ba91197eb6e7b0c83347b5b2d55f21fbd1
                    • Instruction ID: 51f9ce3dfcb86a484e19e3e6da2ec0ab17d073b735fb40bdc3bebeb6efaad163
                    • Opcode Fuzzy Hash: 6b37430b6cf166f7aaec20015bc567ba91197eb6e7b0c83347b5b2d55f21fbd1
                    • Instruction Fuzzy Hash: 95615AB1D00248DFDB20DF94C945BDEBBB5FF48324F24026AE915AB2E1D7B06A41DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowDC.USER32(?,604EB446,000000FF,?,?,?,?,?,?,?,?,?,?,?,00000000,00F14A1D), ref: 00E2D2F0
                    • GetWindowRect.USER32(?,?), ref: 00E2D310
                    • IsWindowEnabled.USER32(?), ref: 00E2D33B
                    • GetFocus.USER32 ref: 00E2D349
                    • DeleteDC.GDI32(?), ref: 00E2D477
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$DeleteEnabledFocusRect
                    • String ID:
                    • API String ID: 733580484-0
                    • Opcode ID: 1b94b8b248518dc06d0e941144997901b8796d953c22667f8b4d147178a4b02d
                    • Instruction ID: e3fcd6f39198edbd4bc5500dfa108b578f3b3148ae3f106df41f8dd69191c868
                    • Opcode Fuzzy Hash: 1b94b8b248518dc06d0e941144997901b8796d953c22667f8b4d147178a4b02d
                    • Instruction Fuzzy Hash: 31511371A04618EFDB20DFA4DD88BEEBBF8EF08304F10415AE556B3290D770A944DB65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InitializeCriticalSection.KERNEL32(?), ref: 00EA2BD5
                    • EnterCriticalSection.KERNEL32(604EB446), ref: 00EA2BE5
                    • LeaveCriticalSection.KERNEL32(604EB446,?,?,?,?,00000000,00000018,00000018), ref: 00EA2D3E
                    • CloseHandle.KERNEL32(?), ref: 00EA2D57
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$CloseEnterHandleInitializeLeave
                    • String ID: @v
                    • API String ID: 2138915644-311380672
                    • Opcode ID: 13c6b8e66885289f66b0df26ab315f732caf35dc0f30eb79352f6371b6e19467
                    • Instruction ID: 81588d4a2065d13433bb5da4db7667e0e169683445cebb85929f7dd363a7be62
                    • Opcode Fuzzy Hash: 13c6b8e66885289f66b0df26ab315f732caf35dc0f30eb79352f6371b6e19467
                    • Instruction Fuzzy Hash: B5516B70C04388DBDB10DFA8D945BDEBBB4EF59314F104299E815B7292EB746A49CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ItemMessageSendWindow
                    • String ID:
                    • API String ID: 799199299-0
                    • Opcode ID: f5f8681bb7ac8dafcfc2b7880f14d12f1dbe1d3a55715844cb14da87b5bd9c69
                    • Instruction ID: b44fc86c62e4aca8b9c937c2002c65f819966ec903e92e1d4ac5e66db6e04745
                    • Opcode Fuzzy Hash: f5f8681bb7ac8dafcfc2b7880f14d12f1dbe1d3a55715844cb14da87b5bd9c69
                    • Instruction Fuzzy Hash: 35419F36200206DFC724DF58DC98AA7B7A9FB44311F08497AE58BC6262D732E854EB70
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetFocus.USER32(00000000), ref: 00DD53E8
                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00DD5430
                    • SendMessageW.USER32(?,0000102C,000000FF,0000F000), ref: 00DD5453
                    • SendMessageW.USER32(?,0000102B,000000FF,?), ref: 00DD547F
                    • SetFocus.USER32(00000000), ref: 00DD5492
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$Focus
                    • String ID:
                    • API String ID: 3982298024-0
                    • Opcode ID: 92fe567e15465ef2999baa2e5855b47a754bed9ce19b1c325ed12bacabbb4041
                    • Instruction ID: e28bd9005b7c10be31962e494b6b4f35a9b6268d2f99fef62d7aab362f955a00
                    • Opcode Fuzzy Hash: 92fe567e15465ef2999baa2e5855b47a754bed9ce19b1c325ed12bacabbb4041
                    • Instruction Fuzzy Hash: 48414D75900B08EFDB20CF68CC45BAABBF4FB48710F10426AE865977A0DB70A910DF51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetBkMode.GDI32(?,00000001), ref: 00DEF2EA
                    • GetSysColor.USER32(00000012), ref: 00DEF30B
                    • SetTextColor.GDI32(?,00000000), ref: 00DEF32F
                    • GetSysColorBrush.USER32(0000000F), ref: 00DEF344
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Color$BrushModeText
                    • String ID:
                    • API String ID: 3650803571-0
                    • Opcode ID: 82abd2c29d71c7c965cc2ed307d78d45ac95f37284aa2e9a12db1c1ebb1dd4d8
                    • Instruction ID: 2dd95a9fffbf764e4a897b495dbc1eeaf11479e870d4b5f034e5c7a55f0a824b
                    • Opcode Fuzzy Hash: 82abd2c29d71c7c965cc2ed307d78d45ac95f37284aa2e9a12db1c1ebb1dd4d8
                    • Instruction Fuzzy Hash: 3321E532604249EFCB15EF59EC40BADBBB8FB49721F10416AF9519B391CB729D01DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Variant$Clear$Init
                    • String ID:
                    • API String ID: 3740757921-0
                    • Opcode ID: 28fe43b8e872acc3bfb7afa0e4554d1624c3703d39c3f659c153df36920d00a0
                    • Instruction ID: 897198cf0254d360bba7a83481fc69b0e99dc739572b6721058ab2d265856636
                    • Opcode Fuzzy Hash: 28fe43b8e872acc3bfb7afa0e4554d1624c3703d39c3f659c153df36920d00a0
                    • Instruction Fuzzy Hash: 83311871D0524CEFDB01DFA8D944BDEBBBCEF49304F14819AE410A7290D7B5AA04CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ClientToScreen.USER32(?,?), ref: 00DC25F9
                    • ClientToScreen.USER32(?,?), ref: 00DC2607
                    • GetParent.USER32(?), ref: 00DC260C
                    • ScreenToClient.USER32(00000000,?), ref: 00DC261E
                    • ScreenToClient.USER32(00000000,?), ref: 00DC262E
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ClientScreen$Parent
                    • String ID:
                    • API String ID: 3677003336-0
                    • Opcode ID: fb335d227cddd8209b12b33d6515c92a6b52414daa40a156f09a170b02335654
                    • Instruction ID: ebf0488165a08c10f71cf7021f9e3f91a517116befaa7421297b5e6bd8c0c9c4
                    • Opcode Fuzzy Hash: fb335d227cddd8209b12b33d6515c92a6b52414daa40a156f09a170b02335654
                    • Instruction Fuzzy Hash: A62149726042069FD205EF29CC40A6BB7E8BF98700F44491EF885C2220E730D9498BA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00E051D4
                      • Part of subcall function 00E04E00: SendMessageW.USER32(?,0000110A,00000004,?), ref: 00E04E5D
                      • Part of subcall function 00E04E00: SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E04E7F
                      • Part of subcall function 00E04E00: SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E04EA1
                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E051FA
                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00E05220
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: d
                    • API String ID: 3850602802-2564639436
                    • Opcode ID: 5493939174753fbed39fe7877234c742bf39ff61c91e2bd0f4d724d556136629
                    • Instruction ID: 3c5e72558bb65cf5813422c104598aa00db06335049b7cbbe944bd7bec4de3b1
                    • Opcode Fuzzy Hash: 5493939174753fbed39fe7877234c742bf39ff61c91e2bd0f4d724d556136629
                    • Instruction Fuzzy Hash: A0E11971A01218DFDB20DFA4CC84BDEBBB5BF49304F1451A9E509BB291DB74AA84CF61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetWindowTextW.USER32(00000000,?), ref: 00DEB240
                    • GetFocus.USER32 ref: 00DEB246
                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00DEB25E
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: FocusMessageSendTextWindow
                    • String ID: ProductName
                    • API String ID: 113843762-3586724618
                    • Opcode ID: 9b64a02eef847586567e393de2d1966a93c18e740567ffc2ff65f4e6943bd1fb
                    • Instruction ID: c0bb841d26c30bfada369a90057441a872708125ac127e8693beb4a634bcfff0
                    • Opcode Fuzzy Hash: 9b64a02eef847586567e393de2d1966a93c18e740567ffc2ff65f4e6943bd1fb
                    • Instruction Fuzzy Hash: 95A16C30900258DFDB14DFA8C855BEEBBF4AF19304F1441E9E406AB291DB746E49DFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E2B850: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8BB
                      • Part of subcall function 00E2B850: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8CC
                      • Part of subcall function 00E2B850: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E2B8EB
                    • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 00DD451C
                    • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 00DD4533
                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 00DD458F
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$Window$AllocateHeapRedraw
                    • String ID: QuickSelectionList
                    • API String ID: 884508843-3633591268
                    • Opcode ID: b3ef2de7afe5f455f82ff32c1c8bb95d92073ad2e3bbb15384d94d86786aa097
                    • Instruction ID: 5141958e8ae9a42e0d4114ca062ebd001486a6e47967942902ed2a0c548fea18
                    • Opcode Fuzzy Hash: b3ef2de7afe5f455f82ff32c1c8bb95d92073ad2e3bbb15384d94d86786aa097
                    • Instruction Fuzzy Hash: A6818B71A002099FCB14DF68C894BEEFBF4FF88314F14425AE956A7290DB71A944CFA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DF10BE
                    • SetWindowPos.USER32(?,00000000,?,?,?,00000008,00000604), ref: 00DF1291
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Rect
                    • String ID: AiDlgHeight$AiDlgWeight
                    • API String ID: 3200805268-871102398
                    • Opcode ID: 147dffcd4be14368eb0827e66121f0b14c64e07d779fdcea60ce35e1b2128df3
                    • Instruction ID: fe93828b24be312539123f3e8b047bf15d62dc8eb84338c5a23a256daed09b9a
                    • Opcode Fuzzy Hash: 147dffcd4be14368eb0827e66121f0b14c64e07d779fdcea60ce35e1b2128df3
                    • Instruction Fuzzy Hash: 51616E71D00248DFCB14DFA8D945BDEBBF9EF58314F14816AE915AB291DB34AA04CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000011,?,?,?,00000010,?,?,?,00000000,00F13838,000000FF), ref: 00E26688
                    • SHGetMalloc.SHELL32(?), ref: 00E266B1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: FolderLocationMallocSpecial
                    • String ID: C:\$C:\FAKE_DIR\
                    • API String ID: 531188275-2055520131
                    • Opcode ID: 230075eb8a0eb83ed75d05b124c87f7e676f6d23005190540285be93c8f0d8fe
                    • Instruction ID: edc7fa7ee59b2a29cf91e232c9475d513799de58e3db4073982334126dd9aa6c
                    • Opcode Fuzzy Hash: 230075eb8a0eb83ed75d05b124c87f7e676f6d23005190540285be93c8f0d8fe
                    • Instruction Fuzzy Hash: 106181B1600749EFEB20DF54CD45B9ABBF4FF08704F10851DEA59AB291D7B1A904DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E202E0: GetDC.USER32(00000000), ref: 00E20383
                      • Part of subcall function 00E202E0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E2038F
                      • Part of subcall function 00E202E0: GetDC.USER32(00000000), ref: 00E203D0
                      • Part of subcall function 00E202E0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E203DC
                    • SendMessageW.USER32(?,0000110A,00000004,FFFF0000), ref: 00E2026C
                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00E20284
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CapsDeviceMessageSend$AllocateHeap
                    • String ID: 5$SelectionTree
                    • API String ID: 3115010619-800592242
                    • Opcode ID: e3afb367d197da3344985b5521f832a02102d2e87a863e1121a3637ea782b399
                    • Instruction ID: d770bc8bbc0c08150c01adb6e0e1314144397d2795c1bd9b042debd9f59f5315
                    • Opcode Fuzzy Hash: e3afb367d197da3344985b5521f832a02102d2e87a863e1121a3637ea782b399
                    • Instruction Fuzzy Hash: 2C516C71A00609EFDB14DFA8DC44BEDBBF4FF09714F10465AE916A7291DB71A904CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E1D4D5
                    • SetWindowTextW.USER32(?,?), ref: 00E1D4F0
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendTextWindow
                    • String ID: RadioButton$`Property` = '
                    • API String ID: 893732450-1374153347
                    • Opcode ID: d581aef67420ab94418083d9cf52df404d08e925ef0c5ef874d2b828e4d69807
                    • Instruction ID: 7e92ab5f889fbb2bdc063588738c9645f4f2afdc15ec318fe17e613e7a9b0e68
                    • Opcode Fuzzy Hash: d581aef67420ab94418083d9cf52df404d08e925ef0c5ef874d2b828e4d69807
                    • Instruction Fuzzy Hash: 48416B30A00248DFDF10DFA8C895BEEBBF8EF08714F104569E516AB291DB70AD05DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 00DC2056
                    • EnterCriticalSection.KERNEL32(00F9D7FC), ref: 00DC2076
                    • LeaveCriticalSection.KERNEL32(00F9D7FC), ref: 00DC209A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$CurrentEnterLeaveThread
                    • String ID: @v
                    • API String ID: 2351996187-311380672
                    • Opcode ID: 6ef542868f6fbea457aaffd210658452eee1521ef0c40ba087150bdf482150a7
                    • Instruction ID: a3814cbcac4e39835b036348b6e5dccb347d8b4745358fe7250e64f88b784db0
                    • Opcode Fuzzy Hash: 6ef542868f6fbea457aaffd210658452eee1521ef0c40ba087150bdf482150a7
                    • Instruction Fuzzy Hash: 9721BFB19087499FDB20DF58DD44B5ABBE8FB04B20F10466EE82593780D775A904DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,00E76689,?,604EB446,?,?,604EB446,?,?), ref: 00E78484
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,00E76689,?,604EB446,?,?,604EB446,?,?), ref: 00E784A1
                    • GetLastError.KERNEL32(00E76689,?,604EB446,?,?,604EB446,?,?), ref: 00E78500
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CreateEvent$ErrorLast
                    • String ID: AdvancedInstaller
                    • API String ID: 1131763895-1372594473
                    • Opcode ID: 8c21a9ab15ad25c62629dcea5cc0b21a73a5cc5b99d75e419154ff58a189dd8a
                    • Instruction ID: 1a719b77d851a0fe9142f86e43f99d6b582815b787087d510a6bed9dc3519204
                    • Opcode Fuzzy Hash: 8c21a9ab15ad25c62629dcea5cc0b21a73a5cc5b99d75e419154ff58a189dd8a
                    • Instruction Fuzzy Hash: 96117C71380606BBD724DB21DD99F5ABBA4FB58705F208015F609A7690EBB0B851CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetParent.USER32(?), ref: 00DE89F1
                    • GetParent.USER32(?), ref: 00DE89FA
                    • SendMessageW.USER32(?,00000411,00000000,?), ref: 00DE8A0F
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Parent$MessageSend
                    • String ID: ,
                    • API String ID: 2251359880-3772416878
                    • Opcode ID: 72d8cb2235d1b95d380cfa5b42079a18ff233840505575ddf48131527f3978df
                    • Instruction ID: fa895c4171d893fd8fd9b7d3bbc118e9bf67dc9b74d7544e92978e6b7cd59276
                    • Opcode Fuzzy Hash: 72d8cb2235d1b95d380cfa5b42079a18ff233840505575ddf48131527f3978df
                    • Instruction Fuzzy Hash: 141157B1904344AFDB10EF29CC45B1AFBE4FB89300F44492BF55892661CB72E814DFA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00DCE8A8
                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00DCE8BD
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E2B850: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8BB
                      • Part of subcall function 00E2B850: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8CC
                      • Part of subcall function 00E2B850: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E2B8EB
                    • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00DCE9EE
                    • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 00DCEAEA
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$Window$AllocateHeapRedraw
                    • String ID:
                    • API String ID: 884508843-0
                    • Opcode ID: 48dce13766890fbeedec2b58414497450bfa8399845e7e7562516ac9dc7104b8
                    • Instruction ID: f73e641b4da68901153abbc36c92357cfb856d8f7e4b27be4ed6e1b59df975bc
                    • Opcode Fuzzy Hash: 48dce13766890fbeedec2b58414497450bfa8399845e7e7562516ac9dc7104b8
                    • Instruction Fuzzy Hash: 32B15C71A0020ADFDB14DFA8C885FEEFBB5FF48314F144259E516AB290DB75A944CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DBE6FA
                    • SysFreeString.OLEAUT32(00000000), ref: 00DBE746
                    • SysFreeString.OLEAUT32(00000000), ref: 00DBE768
                    • SysFreeString.OLEAUT32(00000000), ref: 00DBE8C3
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: String$Free$Alloc
                    • String ID:
                    • API String ID: 986138563-0
                    • Opcode ID: 31ed33a1ff4f31f709c46fd2789eb32edfeeb6e996dd0335b188a34546d7b818
                    • Instruction ID: be73adee25723bee3efcb60b60879e89539c608a7a4db93209319de71cecdd65
                    • Opcode Fuzzy Hash: 31ed33a1ff4f31f709c46fd2789eb32edfeeb6e996dd0335b188a34546d7b818
                    • Instruction Fuzzy Hash: 7BA18E75A00249EFDB14DFA8CC48BEEBBB8FF44714F144619E516E7280DB74AA05CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E11560
                    • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00E11586
                    • GetSysColor.USER32(00000005), ref: 00E11593
                    • GetSysColor.USER32(00000012), ref: 00E115A3
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ColorMessageSend$AllocateHeap
                    • String ID:
                    • API String ID: 2146836252-0
                    • Opcode ID: f98dc7ab3781685003baa07f5227cef4466427d77a6706034c36c6d199bd631d
                    • Instruction ID: 74703104a9e5795c871bbca325abebb306dfbf6734b2ad798259bcf36bf67405
                    • Opcode Fuzzy Hash: f98dc7ab3781685003baa07f5227cef4466427d77a6706034c36c6d199bd631d
                    • Instruction Fuzzy Hash: FD91C071A002059FDB14DF68C884BEEBBF5FF89704F0445ADE956A72A1CB31AC45CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00E0D41B
                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00E0D43E
                      • Part of subcall function 00DC9A20: GetWindowTextLengthW.USER32(?), ref: 00DC9A27
                      • Part of subcall function 00DC9A20: GetWindowTextW.USER32(?,?,00000001), ref: 00DC9A59
                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E0D4B6
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$TextWindow$HeapLengthProcess
                    • String ID:
                    • API String ID: 1075829935-0
                    • Opcode ID: 7eb77ddef8a8291b0558b1aa2bd7a8faee540dd39f2108e6419b259e4909667a
                    • Instruction ID: a57ee2ce88ea0f0130e1febc2427464a4da985b3a3e08dfe3bc4e864066f3f73
                    • Opcode Fuzzy Hash: 7eb77ddef8a8291b0558b1aa2bd7a8faee540dd39f2108e6419b259e4909667a
                    • Instruction Fuzzy Hash: 79A18D31A05208DFCB04DFA8C885BDEBBF5FF09314F144169E916AB291DB30A945CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ClearVariant
                    • String ID:
                    • API String ID: 1473721057-0
                    • Opcode ID: f9ff85f8620cc07dda1a2b2909765c48182d7d3349eee3170b93873929b62c19
                    • Instruction ID: 009cafe068570c270674a2bd4b7e4e374e7bababcc3a04d1d9388817e1c6c97b
                    • Opcode Fuzzy Hash: f9ff85f8620cc07dda1a2b2909765c48182d7d3349eee3170b93873929b62c19
                    • Instruction Fuzzy Hash: B6A15774901259DFCB10DFA8C844BEEFBB8FF58314F24825AE405A7391E774AA45CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ClearVariant
                    • String ID:
                    • API String ID: 1473721057-0
                    • Opcode ID: 69b779128c8987ad9d478002682f8a9c8907c14426a3e25505a176af28e31ecf
                    • Instruction ID: 7029c03edf2b10f1edbf490e939e64ffb791495332c548ee250b08f5ebe08f40
                    • Opcode Fuzzy Hash: 69b779128c8987ad9d478002682f8a9c8907c14426a3e25505a176af28e31ecf
                    • Instruction Fuzzy Hash: BB81AF34900348DFDB14DFA8C944B9EFBB4FF45310F24425AE815AB391E774AA45CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDlgItem.USER32(?,000000FF), ref: 00DF3606
                    • GetClientRect.USER32(?,?), ref: 00DF3617
                    • SendMessageW.USER32(?,00000418,00000000,0000012C), ref: 00DF3702
                    • SendMessageW.USER32(?,00000432,00000000,0000002C), ref: 00DF3719
                      • Part of subcall function 00DF45F0: CreateWindowExW.USER32(?,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DF464F
                      • Part of subcall function 00DF45F0: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,00DF357C,00000000,604EB446,?,?), ref: 00DF4668
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendWindow$ClientCreateItemRect
                    • String ID:
                    • API String ID: 1651111005-0
                    • Opcode ID: e3cea0133dd330c13146adf80d78f1f9342a5e7c200540fb8a8d15c7dd65ad13
                    • Instruction ID: f5b1cea267dfc36cbeb341472358ff4316590b1d5d5cfe669b8df7acdc0964f7
                    • Opcode Fuzzy Hash: e3cea0133dd330c13146adf80d78f1f9342a5e7c200540fb8a8d15c7dd65ad13
                    • Instruction Fuzzy Hash: 5A814BB0E00619DFDB24DF28C945BA9B7B0FF44314F1582A9D959A7391DB30AE84CFA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,00000000), ref: 00DC8759
                    • GetParent.USER32(?), ref: 00DC8779
                    • SendMessageW.USER32(00000000,00000135,?,?), ref: 00DC8789
                    • FillRect.USER32(?,00000000,00000000), ref: 00DC8797
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Rect$ClientFillMessageParentSend
                    • String ID:
                    • API String ID: 425900729-0
                    • Opcode ID: 474dad3247dcb6d9aecd72f77a788cdede845c2b0b77192cb6db2f3a61e5eee8
                    • Instruction ID: e5f8d1314f80f8c05c0fffd44a6aae6a6b4b0803942cbe0a487ec209ce336a8d
                    • Opcode Fuzzy Hash: 474dad3247dcb6d9aecd72f77a788cdede845c2b0b77192cb6db2f3a61e5eee8
                    • Instruction Fuzzy Hash: AC813B70A00219EFDB25CF64C958FAEBBB4FF08304F144199E509A7291DB71AE54DFA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetActiveWindow.USER32 ref: 00E5422A
                    • GetForegroundWindow.USER32(?,00E5B0C9), ref: 00E5423A
                    • SetForegroundWindow.USER32(00000000), ref: 00E54274
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • OutputDebugStringW.KERNEL32(?,604EB446,?,?,?,000000FF,?,00E5B0C9,?), ref: 00E542C8
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Foreground$ActiveDebugHeapOutputProcessString
                    • String ID:
                    • API String ID: 799693181-0
                    • Opcode ID: 257e85a9e591dd9526c6be50db4a375a63a1064d259c23efe14749752b0beca6
                    • Instruction ID: 6836eb2df5d34594828d36cf9971cb99b6f116d57fc445851845422a5327ebae
                    • Opcode Fuzzy Hash: 257e85a9e591dd9526c6be50db4a375a63a1064d259c23efe14749752b0beca6
                    • Instruction Fuzzy Hash: F351F175A002499FDB14DF6CC844BAEBBF4EF45329F14829DE815A73A1DB309D44CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteObject.GDI32(00000000), ref: 00DE6F86
                    • GetDeviceCaps.GDI32(?,0000005A), ref: 00DE6FAB
                    • MulDiv.KERNEL32(?,00000000,00000048), ref: 00DE6FB7
                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,000002BC,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00DE700D
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CapsCreateDeleteDeviceFontObject
                    • String ID:
                    • API String ID: 140150076-0
                    • Opcode ID: b5526db1a2c61da12fd68c17856c10e81e142fad3f36e843fd55adc17d6d16a0
                    • Instruction ID: 1d198f100bb4b25ba122bff0aa252cd5c3c1cc201bc26e07ea9397260fc45937
                    • Opcode Fuzzy Hash: b5526db1a2c61da12fd68c17856c10e81e142fad3f36e843fd55adc17d6d16a0
                    • Instruction Fuzzy Hash: C651B572A00609AFDB18DF55DD55BAEB7A8FB44701F10812EF906DB6C0D775E904C7A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00DC91E9
                    • GetLastError.KERNEL32 ref: 00DC921D
                    • SendMessageW.USER32(?,00000317,00000000,00000006), ref: 00DC9249
                    • SendMessageW.USER32(?,00000318,?,00000006), ref: 00DC92A9
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$ClientErrorLastRect
                    • String ID:
                    • API String ID: 2591167063-0
                    • Opcode ID: ca7c2244d36a19a2ca1fe4d15b1cf76604499293e027475c45f772b1bd0ed49a
                    • Instruction ID: fdcebdfef6171b3bf05a6a4a8ea73da01d0ae4b59ef44f24cc9e154f551c5d44
                    • Opcode Fuzzy Hash: ca7c2244d36a19a2ca1fe4d15b1cf76604499293e027475c45f772b1bd0ed49a
                    • Instruction Fuzzy Hash: A631AF70544709ABEB21CF64CC49FAAFBE8BB05714F54021EE992AB6E1C731A900DB64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,?,?,00000000,00000000), ref: 00E6293F
                    • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 00E6294C
                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00E62969
                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00E6298B
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ByteCharMultiWide$ErrorLast
                    • String ID:
                    • API String ID: 1717984340-0
                    • Opcode ID: 6fdda8a83c241dac2ec58e078b2e7f458e85ac6740022e46fe7fdf2936e07cc1
                    • Instruction ID: 412194231a0d5e76c4aa92bec22023b825bea3eebd995fb7e3a1d8f490ce3ee7
                    • Opcode Fuzzy Hash: 6fdda8a83c241dac2ec58e078b2e7f458e85ac6740022e46fe7fdf2936e07cc1
                    • Instruction Fuzzy Hash: A42128B578030A7BE7105F54EC82F5AB79DEF94784F24012DFB016B2C0D7A17D1586A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DE26E0: GetDC.USER32(?), ref: 00DE2743
                      • Part of subcall function 00DE26E0: GetWindowRect.USER32(?,?), ref: 00DE2762
                      • Part of subcall function 00DE26E0: CreateCompatibleDC.GDI32(?), ref: 00DE2791
                      • Part of subcall function 00DE26E0: CreateCompatibleBitmap.GDI32(?), ref: 00DE27D0
                      • Part of subcall function 00DE26E0: SelectObject.GDI32(?,00000000), ref: 00DE27DF
                      • Part of subcall function 00DE26E0: SendMessageW.USER32(?,00000317,?,00000014), ref: 00DE27F6
                      • Part of subcall function 00DE26E0: CreatePatternBrush.GDI32(00000000), ref: 00DE2801
                    • GetWindowRect.USER32(00000000,?), ref: 00DECD90
                    • GetWindowRect.USER32(00000000,?), ref: 00DECDA4
                    • IntersectRect.USER32(?,?,?), ref: 00DECDC1
                    • EqualRect.USER32(?,?), ref: 00DECDD1
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Rect$CreateWindow$Compatible$BitmapBrushEqualIntersectMessageObjectPatternSelectSend
                    • String ID:
                    • API String ID: 20872633-0
                    • Opcode ID: 3b5c738cae3d0e7eabba2a5a0c8b2f7099a58bfbd40bd2a8000a949c87dcc4d6
                    • Instruction ID: 2f63e58940df5f75ac5719ddd74cc2469d77dc91457d30775344413cf81a2e2d
                    • Opcode Fuzzy Hash: 3b5c738cae3d0e7eabba2a5a0c8b2f7099a58bfbd40bd2a8000a949c87dcc4d6
                    • Instruction Fuzzy Hash: 043148706142858FC705EF28D885DAAB7E8FF89304F140A6EF596D7220EB31ED45CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DC9890: CreateCompatibleDC.GDI32(?), ref: 00DC98EB
                      • Part of subcall function 00DC9890: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00DC9904
                      • Part of subcall function 00DC9890: SelectObject.GDI32(?,00000000), ref: 00DC9910
                      • Part of subcall function 00DC9890: SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00DC9929
                    • SelectObject.GDI32(?,?), ref: 00E48DF3
                    • SetTextColor.GDI32(?,?), ref: 00E48E3F
                    • DrawTextW.USER32(?,?,?,?,00000024), ref: 00E48E5D
                    • SelectObject.GDI32(?,?), ref: 00E48E69
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ObjectSelect$CompatibleCreateText$BitmapColorDrawViewport
                    • String ID:
                    • API String ID: 1496946490-0
                    • Opcode ID: a3f79b12dbc0cc6e537ba6139f26ae672b0c2d42907b98b8051d97ed5815cdf5
                    • Instruction ID: 5953b47ba7a3d9560a24955b5cad13743210eea44a071d557dc61a49ed01db46
                    • Opcode Fuzzy Hash: a3f79b12dbc0cc6e537ba6139f26ae672b0c2d42907b98b8051d97ed5815cdf5
                    • Instruction Fuzzy Hash: 9B313A71905208BFDB11DF95DE45B9DBFB6FF08710F20422AF915662A0D7716A20DB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32(00000000), ref: 00E8E1BA
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E8E1CD
                    • GetDC.USER32(00000000), ref: 00E8E227
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E8E23A
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CapsDevice
                    • String ID:
                    • API String ID: 328075279-0
                    • Opcode ID: 64e699e2211bf997a65c82622a2c209a18f0177bbe4c2bd38fcd74faed262818
                    • Instruction ID: 7f54f57ddb1cbadcfefb1dc7278aa56613d421f147e59c30f04008f8493ceed9
                    • Opcode Fuzzy Hash: 64e699e2211bf997a65c82622a2c209a18f0177bbe4c2bd38fcd74faed262818
                    • Instruction Fuzzy Hash: 8C316972910708AED712DF74DC09B5AB7B8FF097A6F10872AE41AF22A1E7306901CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Focus$ChildWindow
                    • String ID:
                    • API String ID: 501040988-0
                    • Opcode ID: 8c2ffe6aa40db8c2b0c8dbb77f0c883c9a78b8b21072454aafd6916a5f80c92a
                    • Instruction ID: 8b93fe638bf26dd83e7cc5bdb0cae7caa397a1b5de4870a55e4854dc6060b748
                    • Opcode Fuzzy Hash: 8c2ffe6aa40db8c2b0c8dbb77f0c883c9a78b8b21072454aafd6916a5f80c92a
                    • Instruction Fuzzy Hash: 34316D71600609EFDB14CF64CD49FAAFBB8FF09710F144629E826D72A0DB71A811DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowRect.USER32(?,?), ref: 00DC8ADC
                    • ScreenToClient.USER32(?,00000000), ref: 00DC8AEB
                    • ScreenToClient.USER32(?,?), ref: 00DC8AFB
                    • SetWindowPos.USER32(?,00000000,00000000,604EB446,00000000,00000000,00000015,?,?,00000000,?,?,?,?,604EB446,?), ref: 00DC8B5E
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ClientScreenWindow$Rect
                    • String ID:
                    • API String ID: 3998357320-0
                    • Opcode ID: 47ce825ff8cf6c908db62eae443f26c1e024f4fb0073259ea22608fc2f4cbd92
                    • Instruction ID: 56dc66c1159b3361a19a74620c033bd359dfbd6636b30f0acc2686bd9b81e061
                    • Opcode Fuzzy Hash: 47ce825ff8cf6c908db62eae443f26c1e024f4fb0073259ea22608fc2f4cbd92
                    • Instruction Fuzzy Hash: 04212AB160420AAFD710CF28DD85E6BB7A9EBD9710F00861EF954D7250D730E9059BA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(00F4F2E8,00F4F2D8,00000000,C000008C,00000001, t,00F4F2D8,00E3749D), ref: 00E3742A
                    • LeaveCriticalSection.KERNEL32(00F4F2E8), ref: 00E3743B
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave
                    • String ID: t$@v
                    • API String ID: 3168844106-1129858910
                    • Opcode ID: de802dd85cc1531fd7b521b1befee8b3d331d1c0285533ffa93e783b29a6fc1f
                    • Instruction ID: f26662158f78369bf7015faf05a95c658fed897c3c0631de5d98713cc55a7320
                    • Opcode Fuzzy Hash: de802dd85cc1531fd7b521b1befee8b3d331d1c0285533ffa93e783b29a6fc1f
                    • Instruction Fuzzy Hash: A911B2F26045129BDB20AB69D849A9AFBE8AF50710F014526F895E7210EB30FC51D7A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InitializeCriticalSection.KERNEL32(?,604EB446,?), ref: 00DCB32D
                    • EnterCriticalSection.KERNEL32(?,604EB446,?), ref: 00DCB33A
                    • LeaveCriticalSection.KERNEL32(?), ref: 00DCB362
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterInitializeLeave
                    • String ID: @v
                    • API String ID: 3991485460-311380672
                    • Opcode ID: 0968a42e4f3df47c9bc26aabd5acdb42e771b6a80c7811eec26f149beda5b065
                    • Instruction ID: f51cce8d49a42782dc3a3f0b6e2480ec29af7ffefafa78c5813c092678d3f99f
                    • Opcode Fuzzy Hash: 0968a42e4f3df47c9bc26aabd5acdb42e771b6a80c7811eec26f149beda5b065
                    • Instruction Fuzzy Hash: 9F21A5769043899FCF11DF64D840BE9BB74FB56334F1401AAD855A7391C7329909DBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00DC290A
                    • BitBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00DC2935
                    • DeleteDC.GDI32(?), ref: 00DC293C
                    • ReleaseDC.USER32(?,?), ref: 00DC2949
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ClientDeleteRectRelease
                    • String ID:
                    • API String ID: 2015589292-0
                    • Opcode ID: ada8ba17b628194ca824bcfeeaf3290c2e4d13aa1be97009c9e0b459ddace5fe
                    • Instruction ID: 9f965fc5dfd9fbad6659305ce53b42b9d20f25774f33d44e78e14979e8f41287
                    • Opcode Fuzzy Hash: ada8ba17b628194ca824bcfeeaf3290c2e4d13aa1be97009c9e0b459ddace5fe
                    • Instruction Fuzzy Hash: F9010272204205AFD310EB69DD09B2BBBF9EB88710F44492DF58592260C770E8058BA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PathIsUNCW.SHLWAPI(?,?,00000000,?,604EB446,?), ref: 00E4F432
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Path
                    • String ID: \\?\$\\?\UNC\
                    • API String ID: 2875597873-3019864461
                    • Opcode ID: 136974703006ef2c8450e87bb0bcb8c2aeb320fea656b977d75eaaeb87b929a0
                    • Instruction ID: e884722b1a90018feaa0ed821d0e2215c20e7291f461989384e11c4aee260e19
                    • Opcode Fuzzy Hash: 136974703006ef2c8450e87bb0bcb8c2aeb320fea656b977d75eaaeb87b929a0
                    • Instruction Fuzzy Hash: A7B1F071A006068BDB00DFA8C885BAFB7F5FF94718F14867CE515AB295DB74A904CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB9CE0: GetProcessHeap.KERNEL32 ref: 00DB9D35
                    • DeleteFileW.KERNEL32(?), ref: 00E8661A
                    • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00E8674F
                      • Part of subcall function 00E75680: CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,604EB446,00000001,76D7E430,00000000), ref: 00E756CF
                      • Part of subcall function 00E75680: ReadFile.KERNEL32(00000000,?,000003FF,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000,604EB446,00000001,76D7E430,00000000), ref: 00E75705
                      • Part of subcall function 00E72D20: LoadStringW.USER32(000000A1,?,00000514,604EB446), ref: 00E72D76
                    Strings
                    • --verbose --log-file="%s" --remove-pack-file "%s" "%s", xrefs: 00E865CE
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: File$Delete$CreateHeapLoadProcessReadString
                    • String ID: --verbose --log-file="%s" --remove-pack-file "%s" "%s"
                    • API String ID: 856989409-3685554107
                    • Opcode ID: 4f6d92a51a964ce360b026bd1fb35dd8d8f258a541b331914ea7c56fc9207a50
                    • Instruction ID: 21d293027a6730d62f52242577f41deab9392121ee9a4bfe2a86725c51e3d0f3
                    • Opcode Fuzzy Hash: 4f6d92a51a964ce360b026bd1fb35dd8d8f258a541b331914ea7c56fc9207a50
                    • Instruction Fuzzy Hash: 8691C371900645DFDB00EF68C844B9EBBF5EF45328F148269E919EB292EB35DD04CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 00DBCF66
                    • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00DBD02C
                      • Part of subcall function 00DBE820: SysFreeString.OLEAUT32(00000000), ref: 00DBE8C3
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CreateFreeMessageSendStringWindow
                    • String ID: AtlAxWin140
                    • API String ID: 4045344427-3842940177
                    • Opcode ID: 6dd552c6a2b00ed5c804d97478d99ab6014fefba49369d3d97d63bd2938458cb
                    • Instruction ID: 0f0967560f247ac637aae557bcd92b66c0b6b96d711735275312bcecacef8ff9
                    • Opcode Fuzzy Hash: 6dd552c6a2b00ed5c804d97478d99ab6014fefba49369d3d97d63bd2938458cb
                    • Instruction Fuzzy Hash: E0814474600209EFDB14DF68C888F9ABBB5FF48714F248599F91A9B391C771E901CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFileAttributesW.KERNEL32(?,?), ref: 00ED644A
                    • GetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00ED65B0
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: AttributesFile
                    • String ID: |^
                    • API String ID: 3188754299-2783013017
                    • Opcode ID: 32ba5458e7507fc9917b314f0b52b7f1ada7ba074264db086b9ce15b0f0331a0
                    • Instruction ID: fb99450eb140a7eb1e0c40d9a3745069ce2a4b29f1990184fca6a453bdfe1c02
                    • Opcode Fuzzy Hash: 32ba5458e7507fc9917b314f0b52b7f1ada7ba074264db086b9ce15b0f0331a0
                    • Instruction Fuzzy Hash: AAA126B0C04248DBDB20DFA8C858BDEFBF4EF58318F244159E415B7282DB745A49CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: DeleteObject
                    • String ID: </a>$<a>
                    • API String ID: 1531683806-3970591206
                    • Opcode ID: a5b4807b1e21ad828a07d02798303b31f0a67aaea67ad4af8031055ff7b4e523
                    • Instruction ID: 35ebd1eb492f6a22f67907ff3be3f1583b4e7cffb9334a595ff464ada7f98d96
                    • Opcode Fuzzy Hash: a5b4807b1e21ad828a07d02798303b31f0a67aaea67ad4af8031055ff7b4e523
                    • Instruction Fuzzy Hash: 0F913270A00605DFCB15DF68C855BDEBBF4FF49314F10465DE426AB2A1EB70AA49CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetTempPathW.KERNEL32(00000104,?,604EB446,?,?,00F9D648), ref: 00E7E8AF
                    • CreateDirectoryW.KERNEL32(?,00000000,?,00F9D648), ref: 00E7E910
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CreateDirectoryPathTemp
                    • String ID: ADVINST_LOGS
                    • API String ID: 2885754953-2492584244
                    • Opcode ID: 7d97582211496b8eadbec56b0d328fa50a3e9d45cc6fca94c5ad9092ba730329
                    • Instruction ID: 4edf7c63baeb202181c4b8a4712fb6ec5629476a570460ba8b7a7789d9ef4529
                    • Opcode Fuzzy Hash: 7d97582211496b8eadbec56b0d328fa50a3e9d45cc6fca94c5ad9092ba730329
                    • Instruction Fuzzy Hash: 7C51D476900259CACB709F28C8447B9B3F4FF58718F1496EEE949A7390EB348D81CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(?,STATIC,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00E12C35
                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00E12C4D
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: AllocateCreateHeapMessageSendWindow
                    • String ID: STATIC
                    • API String ID: 3711884052-1882779555
                    • Opcode ID: d32de832c1b3afee9c4b9e2d60f764c5206ec9d3c6cd6e13f17f15b8bab52408
                    • Instruction ID: 61bea324ab50a7a746467c67ae80366e0241e2f876815f1e6229739ebfdb04e7
                    • Opcode Fuzzy Hash: d32de832c1b3afee9c4b9e2d60f764c5206ec9d3c6cd6e13f17f15b8bab52408
                    • Instruction Fuzzy Hash: FB515C75A002099FCB14DF69CC84FEDBBB4FF49714F14426DE915AB295DB70A900CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,604EB446,00000000,00000000), ref: 00E393E6
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: CountCriticalInitializeSectionSpin
                    • String ID: @v
                    • API String ID: 2593887523-311380672
                    • Opcode ID: 6afd9aaa138ed9c32c579dd4d7bc8d27af66f339162c68b589e34b8793fc562e
                    • Instruction ID: f45c034f95057a3385645976a04c2804afbada5e14634997641beebd1ba25152
                    • Opcode Fuzzy Hash: 6afd9aaa138ed9c32c579dd4d7bc8d27af66f339162c68b589e34b8793fc562e
                    • Instruction Fuzzy Hash: E151BF75A043189BCB24CF10CC54BEABBB4FF45314F0042D9D80AA7691EB715A85CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FreeLibrary.KERNEL32(?,604EB446,?,?,75972EE0,?,00000000), ref: 00E6909C
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                    • RegCloseKey.ADVAPI32(00000000), ref: 00E690E7
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: AllocateCloseFreeHeapLibrary
                    • String ID: Software\Caphyon\Setups
                    • API String ID: 3002836864-2348175745
                    • Opcode ID: 7b669e245c757d3c5d004758cb36ca7fd1eca1dc6fcba8c547fb01d0f7511379
                    • Instruction ID: 4daaa9a1eee64d047e0167d0a509ad4fdcf611dabbe57018807d9858b3cbe399
                    • Opcode Fuzzy Hash: 7b669e245c757d3c5d004758cb36ca7fd1eca1dc6fcba8c547fb01d0f7511379
                    • Instruction Fuzzy Hash: D441C0B090174ADFDB10DF69D848B5AFBF8FF01314F108669E415AB292D775DA08CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(00000000,?), ref: 00E30238
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: ClientRect
                    • String ID: AI_EXTENDER_IMAGES$AI_EXTEND_GLASS
                    • API String ID: 846599473-2253104777
                    • Opcode ID: 64099d5e539b6af3c66f3eeca8676487cd89fe202fb2eeb3e98984868599ec3f
                    • Instruction ID: 536f2481ad6204a9edfb570b82e943b4f3e8d6ed9d781e8fe624ce7dc9ab4b4c
                    • Opcode Fuzzy Hash: 64099d5e539b6af3c66f3eeca8676487cd89fe202fb2eeb3e98984868599ec3f
                    • Instruction Fuzzy Hash: 26511D71D01259DFDF14DFA4C898BDEBBB8FF49314F144169E805AB291EB74A904CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E2B850: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8BB
                      • Part of subcall function 00E2B850: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8CC
                      • Part of subcall function 00E2B850: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E2B8EB
                    • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 00E011EA
                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 00E0124A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSend$Window$AllocateHeapRedraw
                    • String ID: CheckList
                    • API String ID: 884508843-2125086898
                    • Opcode ID: 01b1feaacbd549d9dc8f9888c94fea825c454841e352c34ef79bb6af00932373
                    • Instruction ID: 9f050d1d29bd8ec5d8ecf87699c66c219466871328983c068d99f40fd9870099
                    • Opcode Fuzzy Hash: 01b1feaacbd549d9dc8f9888c94fea825c454841e352c34ef79bb6af00932373
                    • Instruction Fuzzy Hash: 53517B70A002099FDB08DF65C894BAEB7F4FF89314F10465DF516AB291DB70A944CFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00DB99B0: RtlAllocateHeap.NTDLL(?,00000000,?,604EB446,00000000,00EFE010,000000FF,?,?,00F931E4,?,00E81F08,80004005,604EB446), ref: 00DB99FA
                      • Part of subcall function 00E2B850: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8BB
                      • Part of subcall function 00E2B850: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00DCE8F8,00000000,80004005), ref: 00E2B8CC
                      • Part of subcall function 00E2B850: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E2B8EB
                    • SendMessageW.USER32(?,00001036,00000020,00000020), ref: 00E26A07
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: MessageSendWindow$AllocateHeapRedraw
                    • String ID: M$VolumeCostList
                    • API String ID: 478434130-822802176
                    • Opcode ID: 93a6c6603ea45ee4bd9323593214efb026e024da7ec93ab4464062a1813fc970
                    • Instruction ID: f59b17f8c115856833a0947ffee6c94bf587282459e71529be7bdd99bb35dc16
                    • Opcode Fuzzy Hash: 93a6c6603ea45ee4bd9323593214efb026e024da7ec93ab4464062a1813fc970
                    • Instruction Fuzzy Hash: 65415A71A006089FDB18DFA8D854FEEB7F4FF49314F10465DE516AB2A1DB31A904CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCloseKey.ADVAPI32(?,00000000,?,?,Function_00192988,00000000,00000000,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033,604EB446), ref: 00DC6A1B
                    • CloseHandle.KERNEL32(?,604EB446), ref: 00DC6A54
                    Strings
                    • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00DC6958
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Close$Handle
                    • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current
                    • API String ID: 187904097-2431777889
                    • Opcode ID: 95e255017e32a988a713e1bd0b05db846a6b02553412d57062c2b7fe8be9f623
                    • Instruction ID: e8d4251829185e27abbe7321421ee641bb83d6fa4e9040e543c893218bf3edb0
                    • Opcode Fuzzy Hash: 95e255017e32a988a713e1bd0b05db846a6b02553412d57062c2b7fe8be9f623
                    • Instruction Fuzzy Hash: 7F415970D00258EADB20DFA4C949BDEBBF8FF04314F148199E405B7281DBB4AA48DBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,604EB446,00F4FDE8), ref: 00E4D298
                    • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00E4D394
                    Strings
                    • Failed to get Windows error message [win32 error 0x, xrefs: 00E4D2B6
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: FormatFreeLocalMessage
                    • String ID: Failed to get Windows error message [win32 error 0x
                    • API String ID: 1427518018-3373098694
                    • Opcode ID: d20f766fa290a91d13c218ae101e2c451b53a9bcc87a35634a867b38350cedf7
                    • Instruction ID: 10516cdf55ef61ebb35c04fe3fbd71e261ad6f2c214a3528a63535d8e72287bc
                    • Opcode Fuzzy Hash: d20f766fa290a91d13c218ae101e2c451b53a9bcc87a35634a867b38350cedf7
                    • Instruction Fuzzy Hash: BF419F71A043099BDB10DF68DD09BAEB7F8FF44714F104599E515EB290DBB89A08CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • OpenEventW.KERNEL32(00000000,00000000,00000001,_pbl_evt,00000008,?,?,00F50440,00000001,604EB446,00000000), ref: 00E9860E
                    • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00E9862B
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Event$CreateOpen
                    • String ID: _pbl_evt
                    • API String ID: 2335040897-4023232351
                    • Opcode ID: 61f7692f77f36e8566222e79355bfe5a397adde230b3950d84cc2bf902f9221c
                    • Instruction ID: 3ae617bfeaeb6c1b5960cd63a97c33d65d997e50ed726ce0526f60bbf4571302
                    • Opcode Fuzzy Hash: 61f7692f77f36e8566222e79355bfe5a397adde230b3950d84cc2bf902f9221c
                    • Instruction Fuzzy Hash: 58312771D00208EFDB10DFA8D956BEEB7F8EB18714F508119E911B7280DB74AA09DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VirtualQuery.KERNEL32(80000000,00EDB256,0000001C,00EDB448,00000000,?,?,?,?,?,?,?,00EDB256,00000004,00F9C43C,00EDB4D8), ref: 00EDB31F
                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00EDB256,00000004,00F9C43C,00EDB4D8), ref: 00EDB33A
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: InfoQuerySystemVirtual
                    • String ID: D
                    • API String ID: 401686933-2746444292
                    • Opcode ID: ab98a2aeecbed990bc255191ccbaea75feaf0a931b8bb3e6a72bdeaba5585f2d
                    • Instruction ID: cc6e9bd3df3bb605c7471d120953bcc229c0af8f7dffb7b92248da67b5c36976
                    • Opcode Fuzzy Hash: ab98a2aeecbed990bc255191ccbaea75feaf0a931b8bb3e6a72bdeaba5585f2d
                    • Instruction Fuzzy Hash: D8018472600109EBDB14EE25DC05AED7BAAEBC4328F09C225AD59E6254E774D9029A80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWindowExW.USER32(?,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DF464F
                    • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,00DF357C,00000000,604EB446,?,?), ref: 00DF4668
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: Window$Create
                    • String ID: tooltips_class32
                    • API String ID: 870168347-1918224756
                    • Opcode ID: c49bd3431b60f829cdcb468b76a1a155b2c6b6d3af5b8c0dfa033f6278f2f665
                    • Instruction ID: 892573a2ea2b7dbc01859e2a1895ddcce0e2d7057dfce3592252aa0ab6ff1c8a
                    • Opcode Fuzzy Hash: c49bd3431b60f829cdcb468b76a1a155b2c6b6d3af5b8c0dfa033f6278f2f665
                    • Instruction Fuzzy Hash: 2901B4313C131ABAF7248764DC5BFE17298D741B51F34C22AFB40FD0D0D6A6A921E698
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.150087351719.0000000000DB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00DB0000, based on PE: true
                    • Associated: 00000005.00000002.150087318823.0000000000DB0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087793615.0000000000F37000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087890899.0000000000F97000.00000004.00000001.01000000.00000004.sdmp
                    • Associated: 00000005.00000002.150087926211.0000000000F9E000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_db0000_ReefMasterSonarViewer1.jbxd
                    Similarity
                    • API ID: DeleteRelease
                    • String ID: deque<T> too long
                    • API String ID: 1449374869-309773918
                    • Opcode ID: 6756ec0f613260bb331986248c0b03a199befd600c720ee904d26787635117ed
                    • Instruction ID: 5d83737afb7dd845c4e011348816b94739346330cfea376c733b1669a46ee157
                    • Opcode Fuzzy Hash: 6756ec0f613260bb331986248c0b03a199befd600c720ee904d26787635117ed
                    • Instruction Fuzzy Hash: B30169B1908608EFD720EF88DD04B5ABBF8EB08720F20065AF865D3780D7B499009BA0
                    Uniqueness

                    Uniqueness Score: -1.00%