
Windows Analysis Report
wlogon.exe

Overview

General Information

Sample name: wlogon.exe
Analysis ID: 1526177
MD5: 87c6d766d6048e521338054117217074
SHA1: 702dff2e0e597d53a9a4e5a60ac1fee71c69a0d3
SHA256: 623a129ab187469af1154a99dbc64a7764dd34485be48f762260d39c98b9761a
Tags: exe, user-notajungman

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Contain functionality to detect virtual machines
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Classification axes (radar legend): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious. This sample: detection MAL, score 48, class evad (see the classification label mal48.evad.winEXE@1/0@0/0 below).
  • System is w10x64
  • wlogon.exe (PID: 3556 cmdline: "C:\Users\user\Desktop\wlogon.exe" MD5: 87C6D766D6048E521338054117217074)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: wlogon.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC6749FC FindFirstFileExW
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC637E10 recv,recvfrom,WSAGetLastError
Source: C:\Users\user\Desktop\wlogon.exe | Code functions flagged without a resolved API name (one hit each; 0_2_00007FF7FC675E18 was listed twice in the original):
  0_2_00007FF7FC64CD90, 0_2_00007FF7FC666564, 0_2_00007FF7FC64B560, 0_2_00007FF7FC64FD50, 0_2_00007FF7FC64B5B0, 0_2_00007FF7FC65EDA0, 0_2_00007FF7FC631E90, 0_2_00007FF7FC672E84, 0_2_00007FF7FC66563C, 0_2_00007FF7FC675E18, 0_2_00007FF7FC66CECC, 0_2_00007FF7FC65E790, 0_2_00007FF7FC650FE0, 0_2_00007FF7FC632FD0, 0_2_00007FF7FC6717A4, 0_2_00007FF7FC65D840, 0_2_00007FF7FC64B840, 0_2_00007FF7FC665824, 0_2_00007FF7FC667024, 0_2_00007FF7FC6310D0, 0_2_00007FF7FC65A0D0, 0_2_00007FF7FC6778BC, 0_2_00007FF7FC64A0C0, 0_2_00007FF7FC671124, 0_2_00007FF7FC665A0C, 0_2_00007FF7FC66B210, 0_2_00007FF7FC6749FC, 0_2_00007FF7FC63CA00, 0_2_00007FF7FC66B9F0, 0_2_00007FF7FC6661D8, 0_2_00007FF7FC6771B8, 0_2_00007FF7FC66DAF4, 0_2_00007FF7FC65D2B0, 0_2_00007FF7FC64B2A0, 0_2_00007FF7FC64EB90, 0_2_00007FF7FC679B60, 0_2_00007FF7FC632340, 0_2_00007FF7FC672C08, 0_2_00007FF7FC678414, 0_2_00007FF7FC650C10, 0_2_00007FF7FC67D3E8, 0_2_00007FF7FC666BF0, 0_2_00007FF7FC65E3A0, 0_2_00007FF7FC65F490, 0_2_00007FF7FC647C80, 0_2_00007FF7FC670C74, 0_2_00007FF7FC65EC30, 0_2_00007FF7FC668D0C, 0_2_00007FF7FC648CF0
Source: wlogon.exe | Binary string (adjacent strings, shown space-separated): \Device\Afd\Wepoll ntdll.dll NtCancelIoFileEx NtCreateFile NtCreateKeyedEvent NtDeviceIoControlFile NtReleaseKeyedEvent NtWaitForKeyedEvent RtlNtStatusToDosError
Source: classification engine | Classification label: mal48.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC637970 accept,getsockname,WSAGetLastError,FormatMessageA
Source: wlogon.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wlogon.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\wlogon.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\wlogon.exe | Section loaded: kernel.appcore.dll
Source: wlogon.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: wlogon.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wlogon.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wlogon.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wlogon.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wlogon.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: wlogon.exe | Static PE information: section name: _RDATA
Source: wlogon.exe | Static PE information: section name: .uniques

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC6337A0 references vboxhook.dll, VBoxHook.dll, vmtools.dll
Source: wlogon.exe | Binary or memory string: 1.1.1.1^([^\|]+)\|([^\|]+)\|([^\|]+)\|([^\|]+)\|([^\|]+)$WIN{"CLIENT_VERSION":"%.*S.%S.%.*S"}SBIEDLL.DLLSBIEDLL.DLLVBOXHOOK.DLLVBOXHOOK.DLLVMCHECK.DLLVMSRVC.DLLVMTOOLS.DLLVGAUTH.DLLVMHGFS.DLLVMGUESTLIB.DLLPI IS %G
Source: wlogon.exe | Binary or memory string: SBIEDLL.DLL
Source: wlogon.exe, 00000000.00000002.2025012019.000001F3AE9EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SBIEDLL.DLL)
Source: C:\Users\user\Desktop\wlogon.exe | API coverage: 3.6 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC639DC0 GetLocalTime followed by cmp: cmp ecx, 01h and CTI: jne 00007FF7FC639F14h
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC6749FC FindFirstFileExW
Source: wlogon.exe | Binary or memory string: vboxhook.dll
Source: wlogon.exe, 00000000.00000002.2025012019.000001F3AE9EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmhgfs.dll_
Source: wlogon.exe, 00000000.00000002.2025012019.000001F3AE9EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmguestlib.dllQ
Source: wlogon.exe | Binary or memory string: vmtools.dll
Source: wlogon.exe | Binary or memory string: vmsrvc.dll
Source: wlogon.exe, 00000000.00000002.2025012019.000001F3AE9EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vboxhook.dlll8
Source: wlogon.exe | Binary or memory string: vmhgfs.dll
Source: wlogon.exe, 00000000.00000002.2025012019.000001F3AE9EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VBoxHook.dll5
Source: wlogon.exe | Binary or memory string: 1.1.1.1^([^\|]+)\|([^\|]+)\|([^\|]+)\|([^\|]+)\|([^\|]+)$win{"client_version":"%.*s.%s.%.*s"}sbiedll.dllsbieDll.dllvboxhook.dllVBoxHook.dllvmcheck.dllvmsrvc.dllvmtools.dllvgauth.dllvmhgfs.dllvmguestlib.dllPI is %g
Source: wlogon.exe, 00000000.00000002.2025012019.000001F3AE9EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmsrvc.dllo
Source: wlogon.exe | Binary or memory string: VBoxHook.dll
Source: wlogon.exe | Binary or memory string: vmguestlib.dll
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC6337A0 IsDebuggerPresent, then GetModuleHandleA called eleven times (once per module name in the list above)
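The check in 0_2_00007FF7FC6337A0 is IsDebuggerPresent followed by one GetModuleHandleA call per name in the list above. GetModuleHandleA returns a handle only when the named DLL is already mapped into the calling process, so this detects helper DLLs that analysis products inject or load into every process (Sandboxie's SbieDll.dll, VirtualBox Guest Additions' VBoxHook.dll, the VMware Tools libraries) rather than the presence of a hypervisor as such. The report does not show what the sample does with the result; the low API coverage and the "idle" signature are consistent with the check succeeding, but also with a program that simply waits. The following is an added static-triage helper written for this page, not code from the sample or from Joe Sandbox: it scans a file for the same module list in both ASCII and UTF-16LE form and groups hits by the product they point at, so the same question can be asked of other samples without running them. The grouping table is the editor's own and the input blob is constructed for the demo.

```python
"""Static triage helper (added example): find analysis-environment DLL names in a binary.

Not code from the sample or from Joe Sandbox. The module list is taken from the
report's strings; the grouping by product is the editor's own.
"""
import re
import sys

# DLL names the report shows the sample probing with GetModuleHandleA, grouped
# by the analysis product that injects or ships them (grouping is an assumption).
ANALYSIS_MODULES = {
    "Sandboxie": ("sbiedll.dll",),
    "VirtualBox": ("vboxhook.dll",),
    "VMware": ("vmtools.dll", "vmhgfs.dll", "vmguestlib.dll", "vgauth.dll", "vmsrvc.dll"),
    "generic VM check": ("vmcheck.dll",),
}


def _wide_pattern(name: str) -> bytes:
    """Regex for the UTF-16LE form of an ASCII name, case-insensitive per letter."""
    out = []
    for ch in name:
        b = ch.encode("ascii")
        out.append(b"[" + b.lower() + b.upper() + b"]" if ch.isalpha() else re.escape(b))
        out.append(b"\x00")  # high byte of every UTF-16LE code unit for ASCII text
    return b"".join(out)


def _patterns():
    """One compiled pattern per (product, module, encoding)."""
    pats = []
    for family, names in ANALYSIS_MODULES.items():
        for name in names:
            pats.append((family, name, "ascii",
                         re.compile(re.escape(name.encode("ascii")), re.IGNORECASE)))
            pats.append((family, name, "utf-16le", re.compile(_wide_pattern(name))))
    return pats


def find_analysis_modules(data: bytes) -> dict:
    """Return {product: [(module, offset, encoding), ...]} for every occurrence in data."""
    hits = {}
    for family, name, enc, pat in _patterns():
        for m in pat.finditer(data):
            hits.setdefault(family, []).append((name, m.start(), enc))
    for lst in hits.values():
        lst.sort(key=lambda h: h[1])
    return hits


def evasion_families(data: bytes) -> list:
    """Sorted names of the analysis products the binary appears to look for."""
    return sorted(find_analysis_modules(data))


# Constructed input for the demo (not the analysed file): the upper-case ASCII
# form the report shows, a lower-case form, a UTF-16LE form, and a normal import
# name that must not match.
SAMPLE = (
    b"\x00" * 8
    + b"SBIEDLL.DLL\x00"
    + b"vmtools.dll\x00"
    + "VBoxHook.dll".encode("utf-16-le") + b"\x00\x00"
    + b"kernel32.dll\x00"
)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for family, entries in sorted(find_analysis_modules(blob).items()):
        for module, offset, enc in entries:
            print(f"{family:18} {module:16} @0x{offset:08x} ({enc})")
```

Run it with a file path to scan a real sample; with no argument it scans the constructed blob. Searching the wide form matters because the report shows both an all-upper ASCII copy of the list and a mixed-case copy, and a Unicode-built variant of the same check would leave only UTF-16LE strings.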
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC676FFC GetProcessHeap
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC661628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC633950 Sleep,SetUnhandledExceptionFilter,GetModuleFileNameA
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC6619DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC66FB54 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC661BC0 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC67D230 cpuid
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC639DC0 GetLocalTime,EnterCriticalSection,LeaveCriticalSection
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC672E84 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation
Source: C:\Users\user\Desktop\wlogon.exe | Code function: 0_2_00007FF7FC63B4D0 WSAStartup,htonl,socket,bind,listen,getsockname,socket,connect,accept,closesocket,closesocket,closesocket,closesocket

Reading these hits: the IsDebuggerPresent calls in 0_2_00007FF7FC6619DC and 0_2_00007FF7FC66FB54 sit inside the RtlCaptureContext / RtlLookupFunctionEntry / RtlVirtualUnwind / SetUnhandledExceptionFilter / UnhandledExceptionFilter sequence of the MSVC CRT's security-cookie failure handler (__report_gsfailure / __scrt_fastfail), so they are compiler boilerplate; the deliberate check is the IsDebuggerPresent beside the GetModuleHandleA chain in 0_2_00007FF7FC6337A0 above. GetProcessHeap in 0_2_00007FF7FC676FFC is a lone call with no heap-flag inspection visible, which is a weak debugger indicator on its own. The GetLocalTime in 0_2_00007FF7FC639DC0 is wrapped in EnterCriticalSection / LeaveCriticalSection, the shape of a lock-protected timestamp routine, and the "cmp ecx, 01h / jne" it feeds tests a single SYSTEMTIME field the report does not identify; confirm which field before treating the date-based branch signature as evidence of time-gated execution. With 7 of 114 functions executed and 3.6 % API coverage, most of the code paths the signatures refer to were never reached in this run.
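The call chain in 0_2_00007FF7FC63B4D0 (WSAStartup, htonl, socket, bind, listen, getsockname, socket, connect, accept, closesocket) is the textbook Windows substitute for socketpair(): bind a listener on the loopback address with port 0, read the ephemeral port back with getsockname, connect a second socket to it, accept, and close the listener. The binary string \Device\Afd\Wepoll together with the NtCreateFile / NtDeviceIoControlFile / NtCancelIoFileEx / keyed-event names listed above is the import set of the wepoll library (an epoll API for Windows), which is normally paired with exactly this loopback pair as an event-loop wake-up pipe; with "No network behavior found" and no contacted IPs below, the "open a port and listen (possibly a backdoor)" signature is more consistent with that internal pipe than with a backdoor. This is an inference from the listed strings and calls, not something the report states, and htonl(INADDR_LOOPBACK) as the bound address is an assumption. The following added example (written for this page, not code from the sample or from Joe Sandbox) reproduces the idiom in Python and checks the two properties that separate it from a listening backdoor: the listener is bound to 127.0.0.1 only, and it no longer accepts connections once the pair exists.

```python
"""Loopback socketpair idiom (added example): the bind/listen/getsockname/connect/accept
chain that Windows code uses in place of socketpair(). Not code from the sample."""
import socket


def loopback_socketpair(timeout: float = 2.0):
    """Return (client, server, listen_addr): two connected TCP sockets on 127.0.0.1.

    The listener is bound to the loopback address with port 0 (kernel-chosen
    ephemeral port), used for exactly one accept, and closed before returning,
    so nothing stays listening.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))        # loopback only; port 0 = ephemeral
        listener.listen(1)
        addr = listener.getsockname()          # learn which port the kernel picked
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client.settimeout(timeout)
        client.connect(addr)
        server, peer = listener.accept()
        server.settimeout(timeout)
        # Defensive check real implementations also do: the accepted connection
        # must be our own client, not a third party that raced us to the port.
        if peer != client.getsockname():
            client.close()
            server.close()
            raise RuntimeError("unexpected peer on private listener")
    finally:
        listener.close()                       # listener exists only for the handshake
    return client, server, addr


def listener_is_closed(addr) -> bool:
    """True if a fresh connect to addr is refused, i.e. no one listens there."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(1.0)
    try:
        probe.connect(addr)
        return False
    except ConnectionRefusedError:
        return True
    finally:
        probe.close()


def demo_exchange() -> dict:
    """Build a pair, push one message through it, and record the properties we care about."""
    a, b, addr = loopback_socketpair()
    try:
        a.sendall(b"wakeup")                  # the "wake the event loop" use of such a pair
        echoed = b.recv(16)
        closed = listener_is_closed(addr)     # pair is alive, but the port no longer listens
    finally:
        a.close()
        b.close()
    return {"loopback": addr[0] == "127.0.0.1", "echoed": echoed, "listener_closed": closed}


if __name__ == "__main__":
    print(demo_exchange())
```

In a sandbox trace this idiom produces precisely the bind/listen/accept triple that port-listening signatures key on, while never exposing a reachable port; the check that settles the question for a real sample is whether the address passed to bind is INADDR_LOOPBACK and whether the listening socket is closed right after accept, which is what the four closesocket calls in the same function suggest for the error paths.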
MITRE ATT&CK Matrix (only cells with a matching signature are listed; the numbers in parentheses are the signature-hit badges shown in the original cell; all other matrix cells were empty template entries)

Tactic | Technique
Persistence | DLL Side-Loading (1)
Privilege Escalation | DLL Side-Loading (1)
Defense Evasion | DLL Side-Loading (1); Virtualization/Sandbox Evasion (1, 1)
Discovery | System Time Discovery (1, 2); Security Software Discovery (2, 2, 1); Virtualization/Sandbox Evasion (1, 1); File and Directory Discovery (1); System Information Discovery (1, 2)
Collection | Archive Collected Data (1)
Command and Control | Encrypted Channel (1); Ingress Tool Transfer (1)
Behavior Graph (rendering omitted). Behavior Graph ID: 1526177; Sample: wlogon.exe; Start date: 04/10/2024; Architecture: WINDOWS; Score: 48. Single process node: wlogon.exe started. Signatures attached to it: Contain functionality to detect virtual machines; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function).



Source | Detection | Scanner | Label | Link
wlogon.exe | 8% | ReversingLabs | Win64.PUA.SoftCnapp |
No Antivirus matches for the remaining categories
No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1526177
Start date and time: 2024-10-04 22:00:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: wlogon.exe
Detection: MAL
Classification: mal48.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 94%
  • Number of executed functions: 7
  • Number of non-executed functions: 107
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • VT rate limit hit for: wlogon.exe
No simulations
No context
No created / dropped files found
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 6.444327896274894
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: wlogon.exe
File size: 426'496 bytes
MD5: 87c6d766d6048e521338054117217074
SHA1: 702dff2e0e597d53a9a4e5a60ac1fee71c69a0d3
SHA256: 623a129ab187469af1154a99dbc64a7764dd34485be48f762260d39c98b9761a
SHA512: ba9ba4a1f1256d16b46e82a0b3a6dc3e980def985564c689f3585e505876037843adc33a4f4bac67dc6b47722a9f4527e5fd8e22e1e554d7c3c04830cc542e70
SSDEEP: 6144:d3ObrJReIjxwwZT2qbAU/yZGXlTVGgh1wR+44tIiwCcRKz15mH:d34rJRDwuT2GAU/y6TVGgh1wOZ5m
TLSH: BF947D95F3E414F8D5A7C238C6564607EBB2B4151321DBDF03A88A6A2F13BE15E3EB11
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........".................H..........@..........................................`................................
Icon Hash: 0424c49885bab885
Entrypoint: 0x140031348
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x66CEBE8D [Wed Aug 28 06:07:09 2024 UTC]
TLS Callbacks: none listed (TLS data directory is empty)
CLR (.Net) Version: none (native binary; COM descriptor directory is empty)
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: a9c7bfe311ed91b5f199529f439a57a0
Entrypoint disassembly (Joe Sandbox listing of the first instructions at 0x140031348). Caveat when reading it: the listing decodes this x64 code with a 32-bit instruction decoder, so REX prefixes show up as stand-alone "dec eax" (byte 0x48) and "inc eax" (byte 0x40) instructions and registers are printed 32 bits wide. "dec eax / sub esp, 28h" is the single instruction "sub rsp, 28h", the usual shadow-space setup of an x64 prologue, and the surrounding int3 bytes are the linker's function padding. The code is the MSVC CRT start-up stub (security cookie and startup-lock handling), not sample-specific logic.
dec eax
sub esp, 28h
call 00007EFEA5058FF8h
dec eax
add esp, 28h
jmp 00007EFEA50588FFh
int3
int3
dec eax
sub esp, 28h
call 00007EFEA5059568h
test eax, eax
je 00007EFEA5058AA3h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007EFEA5058A87h
dec eax
cmp ecx, eax
je 00007EFEA5058A96h
xor eax, eax
dec eax
cmpxchg dword ptr [00034C18h], ecx
jne 00007EFEA5058A70h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007EFEA5058A79h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
movzx eax, byte ptr [00034C03h]
test ecx, ecx
mov ebx, 00000001h
cmove eax, ebx
mov byte ptr [00034BF3h], al
call 00007EFEA505936Fh
call 00007EFEA505A22Ah
test al, al
jne 00007EFEA5058A86h
xor al, al
jmp 00007EFEA5058A96h
call 00007EFEA5064A45h
test al, al
jne 00007EFEA5058A8Bh
xor ecx, ecx
call 00007EFEA505A23Ah
jmp 00007EFEA5058A6Ch
mov al, bl
dec eax
add esp, 20h
pop ebx
ret
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [00034BB8h], 00000000h
mov ebx, ecx
jne 00007EFEA5058AE9h
cmp ecx, 01h
jnbe 00007EFEA5058AECh
call 00007EFEA50594CEh
test eax, eax
je 00007EFEA5058AAAh
test ebx, ebx
jne 00007EFEA5058AA6h
dec eax
lea ecx, dword ptr [00034BA2h]
call 00007EFEA5058B62h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61d44 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e000 | 0x1330 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x68000 | 0x3ee8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x70000 | 0xa58 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5d090 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4f000 | 0x410 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4d100 | 0x4d200 | cbbe40a6e50eb517b2f8837cab34ae5a | False | 0.550930029376013 | data | 6.467951044899261 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x4f000 | 0x139c2 | 0x13a00 | 9bbc13adc81f0ac7a826ff876ed08c3b | False | 0.4710390127388535 | data | 5.479069171443292 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x63000 | 0x4698 | 0xe00 | 180a8c8ad0ec7fddd70e238e9cec82e4 | False | 0.1484375 | data | 1.9318506016685375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x68000 | 0x3ee8 | 0x4000 | a6a332fb92ec1d1f7ec4dafdc2d33153 | False | 0.477294921875 | PEX Binary Archive | 5.703765867853137 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x6c000 | 0xf4 | 0x200 | de82bd225ccfba2cd60d9fa0607ba765 | False | 0.314453125 | data | 2.44396225347699 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.uniques | 0x6d000 | 0x1f | 0x200 | 5bad05a2f49489d4f4c80f74cef303f7 | False | 0.083984375 | ASCII text, with no line terminators | 0.5859127733147627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6e000 | 0x1330 | 0x1400 | 00aa56cb1971fafdc9e4cffc23637369 | False | 0.6853515625 | data | 6.624363760031692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x70000 | 0xa58 | 0xc00 | 347ce8ca5d48998ecdae2344948a13fa | False | 0.4772135416666667 | data | 5.114128650365127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
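The section table is where the "PE file contains sections with non-standard names" signature comes from (_RDATA and .uniques), and it is also where a reviewer checks the things the signature does not: no section is both writable and executable, the code section's entropy (6.47) is in the normal range for compiled code rather than the 7.5+ typical of packed data, and .uniques is a 31-byte writable ASCII blob rather than code. The following is an added example written for this page, not code from the sample or from Joe Sandbox: it walks the IMAGE_SECTION_HEADER table of a PE with struct alone and reports the same classes of finding (odd names, W+X, executable-but-not-code, high entropy). The list of "standard" section names is the editor's own, and the input is a constructed three-section PE32+ skeleton that deliberately contains a .uniques section with the report's flags plus a packed-looking W+X section, so the checks have something to trip on.

```python
"""Section-header triage (added example): flag what the report's static PE checks flag.

Not code from the sample or from Joe Sandbox. Parses IMAGE_SECTION_HEADER
entries with struct only, so it runs anywhere; STANDARD_SECTIONS is the
editor's own list of names a linker normally emits.
"""
import math
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                     ".idata", ".edata", ".tls", ".bss", ".xdata", ".debug", ".gfids"}
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> file header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    off = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for _ in range(n_sections):
        (name, vsize, vaddr, rsize, rptr, _relocs, _lines,
         _nrelocs, _nlines, chars) = SECTION_HDR.unpack_from(pe, off)
        raw = pe[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "vaddr": vaddr, "vsize": vsize, "raw_size": rsize,
            "characteristics": chars,
            "entropy": round(shannon_entropy(raw), 3),
        })
        off += SECTION_HDR.size
    return sections


def section_findings(pe: bytes) -> list:
    """(section, finding) pairs: odd names, W+X, exec-without-code, packed-looking data."""
    findings = []
    for s in parse_sections(pe):
        c, name = s["characteristics"], s["name"]
        if name not in STANDARD_SECTIONS:
            findings.append((name, "non-standard section name"))
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            findings.append((name, "writable and executable (W^X violated)"))
        if c & IMAGE_SCN_MEM_EXECUTE and not c & IMAGE_SCN_CNT_CODE:
            findings.append((name, "executable but not marked as code"))
        if s["raw_size"] >= 256 and s["entropy"] > 7.0:
            findings.append((name, f"high entropy {s['entropy']} (packed or encrypted data?)"))
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32+ skeleton for the demo, not the analysed file: headers plus three sections."""
    # (name, virtual address, raw size, raw pointer, raw bytes, characteristics)
    secs = [
        (b".text", 0x1000, 0x200, 0x400, b"\x90" * 0x200,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".uniques", 0x2000, 0x200, 0x600, b"A" * 0x200,  # same flags as in the report
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".packed", 0x3000, 0x200, 0x800, bytes(range(256)) * 2,  # uniform bytes: entropy 8.0
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    e_lfanew, opt_size = 0x80, 0xF0  # 0xF0: size of a PE32+ optional header
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, opt_size, 0x22)
    opt_hdr = struct.pack("<H", 0x20B).ljust(opt_size, b"\0")  # magic only; rest unused here
    hdrs = b"".join(SECTION_HDR.pack(n, rs, va, rs, rp, 0, 0, 0, 0, ch)
                    for n, va, rs, rp, _data, ch in secs)
    image = bytearray((dos + b"PE\0\0" + file_hdr + opt_hdr + hdrs).ljust(0xA00, b"\0"))
    for _n, _va, rs, rp, data, _ch in secs:
        image[rp:rp + rs] = data
    return bytes(image)


if __name__ == "__main__":
    for sec, finding in section_findings(build_sample_pe()):
        print(f"{sec:10} {finding}")
```

Against the real file, parse_sections(open(path, "rb").read()) reproduces the table above; the only findings it would raise for this sample are the two name checks, which is why the non-standard-name signature alone moves the score little.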
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6e130 | 0xdd1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.7989821882951654
RT_GROUP_ICON | 0x6ef08 | 0x14 | data | English | United States | 1.05
RT_VERSION | 0x6ef20 | 0x28c | PGP symmetric key encrypted data - Plaintext or unencrypted data (a known libmagic misidentification of a VS_VERSIONINFO blob; the resource is not PGP data) | English | United States | 0.504601226993865
RT_MANIFEST | 0x6f1b0 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Imports
WS2_32.dll | WSAIoctl, ntohl, socket, inet_pton, getaddrinfo, WSAStartup, htonl, inet_ntop, htons, freeaddrinfo, getsockopt, ioctlsocket, accept, getpeername, getsockname, connect, recvfrom, recv, sendto, WSAGetLastError, bind, closesocket, listen, send, ntohs
bcrypt.dll | BCryptGenRandom
KERNEL32.dll | GetStartupInfoW, SetEndOfFile, WriteConsoleW, HeapSize, GetFileAttributesExW, CreateProcessW, GetExitCodeProcess, WaitForSingleObject, GetProcessHeap, GetStringTypeW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetFileSizeEx, DeleteFileW, FlushFileBuffers, SetFilePointerEx, SetStdHandle, HeapReAlloc, GetModuleHandleA, Sleep, IsDebuggerPresent, GetModuleFileNameA, SetUnhandledExceptionFilter, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, GetCurrentThreadId, DeleteCriticalSection, GetCurrentProcessId, GetLocalTime, QueryPerformanceFrequency, QueryPerformanceCounter, FormatMessageA, FindClose, FindNextFileW, GetLastError, MultiByteToWideChar, WideCharToMultiByte, GetSystemTimeAsFileTime, InitializeSRWLock, InitOnceExecuteOnce, SetLastError, GetHandleInformation, GetTickCount64, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, CloseHandle, ReleaseSRWLockShared, GetQueuedCompletionStatusEx, GetProcAddress, AcquireSRWLockShared, GetModuleHandleW, CreateIoCompletionPort, SetFileCompletionNotificationModes, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, InitializeSListHead, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetCommandLineW, GetTimeZoneInformation, ExitProcess, GetModuleHandleExW, CreateFileW, GetFileType, ReadFile, GetStdHandle, WriteFile, GetModuleFileNameW, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
Language of compilation system | Country where language is spoken
English | United States
No network behavior found
Target ID: 0
Start time: 16:00:56
Start date: 04/10/2024
Path: C:\Users\user\Desktop\wlogon.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\wlogon.exe"
Imagebase: 0x7ff7fc630000
File size: 426'496 bytes
MD5 hash: 87C6D766D6048E521338054117217074
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 1%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 3.1%
Total number of Nodes: 257
Total number of Limit Nodes: 6

Graph rendering omitted. Nodes in the graph that resolve to API calls outside the CRT start-up and locale path: 7ff7fc63ce90 recv, WSAGetLastError; 7ff7fc63ce50 send, WSAGetLastError; 7ff7fc676ffc GetProcessHeap; 7ff7fc67bd04 CloseHandle; 7ff7fc670468 FreeLibrary; 7ff7fc669630 GetModuleHandleExW, GetProcAddress, FreeLibrary; 7ff7fc6703e4 LoadLibraryExW, GetLastError, FreeLibrary, GetProcAddress; 7ff7fc661348 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter (__security_init_cookie); 7ff7fc661b28 GetStartupInfoW (__scrt_get_show_window_mode); 7ff7fc667ecc GetCommandLineA, GetCommandLineW; 7ff7fc661628 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess. The CRT entry at 7ff7fc6611d4 reaches 7ff7fc633950 (277 API calls) after GetStartupInfoW and the command-line retrieval, which is consistent with that function being the program's WinMain; the signatures above show it calling Sleep, SetUnhandledExceptionFilter and GetModuleFileNameA. The remaining nodes are CRT locale, heap and FLS initialisation (GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx / LCMapStringW, GetStringTypeW, HeapAlloc, FlsGetValue / FlsSetValue, EnterCriticalSection / LeaveCriticalSection).
27562 7ff7fc631da0 228 API calls 27563 7ff7fc6329a0 192 API calls __std_exception_copy 27629 7ff7fc639f70 122 API calls _log10_special

Executed Functions

Control-flow Graph

APIs
  • FreeLibrary.KERNEL32(?,00000000,?,00007FF7FC670100,?,?,?,?,00007FF7FC672B89), ref: 00007FF7FC670047
  • GetProcAddress.KERNEL32(?,00000000,?,00007FF7FC670100,?,?,?,?,00007FF7FC672B89), ref: 00007FF7FC670053
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: AddressFreeLibraryProc
  • String ID: api-ms-$ext-ms-
  • API String ID: 3013587201-537541572
  • Opcode ID: 1216d640b74ff2658dd5a0d991370472e94529f5eebeac37fc1ee0fca712f9de
  • Instruction ID: b68054075c6657b5f28db0e9a5f069e306a41dfc6a54a23fe25e4c99726f159e
  • Opcode Fuzzy Hash: 1216d640b74ff2658dd5a0d991370472e94529f5eebeac37fc1ee0fca712f9de
  • Instruction Fuzzy Hash: 8E41B761B2D60281EB13AB15B804675A393BF45BE0F844535DD2D8B7C4EE3CE64593E1

Control-flow Graph

APIs
Similarity
  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
  • String ID:
  • API String ID: 4144305933-0
  • Opcode ID: 70f521f2a993adb65e3cf181441cd61c96d089ddb944603da2a53e527f1b5d61
  • Instruction ID: 9527db6afc9bafa39434e6731564fdadd314239dac4060667532342c42625ccb
  • Opcode Fuzzy Hash: 70f521f2a993adb65e3cf181441cd61c96d089ddb944603da2a53e527f1b5d61
  • Instruction Fuzzy Hash: EB314820E0C643C6FB16BB65B0222B9B3B39F41344FC40435DA6E4F6D7DE2CA644A2E1

Control-flow Graph

APIs
Strings
Similarity
  • API ID: String
  • String ID: LCMapStringEx
  • API String ID: 2568140703-3893581201
  • Opcode ID: 6f1bfc136c2aa056a99c36846d55dcf51f3841c5b188988704fa586bd2101399
  • Instruction ID: 8dab936bc06940da3cefe438c4c112b6206b6cdfef9d2f0dbbb6309d56ac1561
  • Opcode Fuzzy Hash: 6f1bfc136c2aa056a99c36846d55dcf51f3841c5b188988704fa586bd2101399
  • Instruction Fuzzy Hash: F8217F35A0CB8186D761DB06B44029AB7A1FB88BD0F844136EA9D83B99CF3CD540CB50

Control-flow Graph

APIs
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: b87e1a2499909a7c8eb1d1b2d35758354859ad993cbc0cf4a2c2a8cb146352e5
  • Instruction ID: 2f540b903dcebcd6c4cbaa3a3e35aef70a7a9d1db97eff67f4ff44964852dec8
  • Opcode Fuzzy Hash: b87e1a2499909a7c8eb1d1b2d35758354859ad993cbc0cf4a2c2a8cb146352e5
  • Instruction Fuzzy Hash: 6BD06224B2C70582F7157F71785547993235F44701F801838D87A463D2DD6D950E92A1

Control-flow Graph

APIs
Strings
Similarity
  • API ID: Info
  • String ID:
  • API String ID: 1807457897-3916222277
  • Opcode ID: 8010bed5b6c8c0cc16795f82f9b75e8fac9f8ec8ecf601b13d365feb6a18cf57
  • Instruction ID: d04b127d1ab522869c2d4404b53c538cf89b2660187275c26243964b40c539db
  • Opcode Fuzzy Hash: 8010bed5b6c8c0cc16795f82f9b75e8fac9f8ec8ecf601b13d365feb6a18cf57
  • Instruction Fuzzy Hash: 9551F272A2C2C18AE7229F24E0853ADB7A2FB48344F940576D79D47A89CF7CD255CB90

Control-flow Graph

APIs
    • Part of subcall function 00007FF7FC6751D0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF7FC67550C), ref: 00007FF7FC6751FA
  • IsValidCodePage.KERNEL32(?,?,00000000,00000001,00000000,00000000,?,00007FF7FC67563D), ref: 00007FF7FC6758E1
  • GetCPInfo.KERNEL32(?,?,00000000,00000001,00000000,00000000,?,00007FF7FC67563D), ref: 00007FF7FC67592D
Similarity
  • API ID: CodeInfoPageValid
  • String ID:
  • API String ID: 546120528-0
  • Opcode ID: c041acdb3ff8c70fc1aaeedfeae1fa5acfade11fe8f59ac5fd0277f01cf5fa2a
  • Instruction ID: a6ae3152ed567023d5af8103f1efd445b10bde66c888feac3740671f5b1a06ca
  • Opcode Fuzzy Hash: c041acdb3ff8c70fc1aaeedfeae1fa5acfade11fe8f59ac5fd0277f01cf5fa2a
  • Instruction Fuzzy Hash: 3081D462E2C68286EB62AF25B041179F7A3FF40740F9445B6D6AD476D0DE3CE741C3A1

Control-flow Graph

APIs
Similarity
  • API ID: HandleModule$AddressFreeLibraryProc
  • String ID:
  • API String ID: 3947729631-0
  • Opcode ID: b3e39c70d8d00417ac7766e3c73a311eb9ca8edd092240a70aeadd5d488fca6b
  • Instruction ID: 4fcbc8ef36bbe360e79fdbfadbe67ed13933fc9682da00ea693967f5593d493f
  • Opcode Fuzzy Hash: b3e39c70d8d00417ac7766e3c73a311eb9ca8edd092240a70aeadd5d488fca6b
  • Instruction Fuzzy Hash: 9E218132E08701C9EB26AF64E4402EC77B1EB44728F844639DB2D0AAD5DF78E645DBD4

Non-executed Functions

APIs
Strings
Similarity
  • API ID: Current$CriticalSection$Thread$InitializePerformanceProcessQuerySleep$CounterEnterFrequencyLeaveStartup
  • String ID: %s: hloop_free tid=%ld$%s: hloop_new tid=%ld$%s: hloop_run tid=%ld$1.1.1.1$^([^\|]+)\|([^\|]+)\|([^\|]+)\|([^\|]+)\|([^\|]+)$$hloop_free$hloop_new$hloop_run$malloc failed!$win${"client_version":"%.*s.%s.%.*s"}
  • API String ID: 3702059720-1382450751
  • Opcode ID: 67ce1a258c5d3a2b27381690359418d1f0e8e4eec31f148b3d03aad961e2edb6
  • Instruction ID: 4a9ffb0b5d33624afb6bd15e66965694f494701cd9e368f72eca15a283953a39
  • Opcode Fuzzy Hash: 67ce1a258c5d3a2b27381690359418d1f0e8e4eec31f148b3d03aad961e2edb6
  • Instruction Fuzzy Hash: 1522C471A0CB8286E726AF20B9502F9B7A2FF45784F800135DA6D177D5DF3CA255D3A0
APIs
Strings
Similarity
  • API ID: HandleModule$DebuggerPresent
  • String ID: VBoxHook.dll$sbieDll.dll$sbiedll.dll$vboxhook.dll$vgauth.dll$vmcheck.dll$vmguestlib.dll$vmhgfs.dll$vmsrvc.dll$vmtools.dll
  • API String ID: 3066331455-3903194327
  • Opcode ID: 046ebd30516ebfdb42f643fcb3143d1b64a386cf0e2750181abe4b12af1703c9
  • Instruction ID: ddf051f2e282d827e018da45d7922665317bf198410e17d5332f5aaa1c6afcee
  • Opcode Fuzzy Hash: 046ebd30516ebfdb42f643fcb3143d1b64a386cf0e2750181abe4b12af1703c9
  • Instruction Fuzzy Hash: EA218521A1E50291FF56BB10BC65674A3A2BF94744BC0453AC43D823E0EF3CA789C2B1
APIs
Strings
Similarity
  • API ID: closesocket$Startupbindhtonllistensocket
  • String ID: accept$bind$connect$getsockname$listen$socket
  • API String ID: 3187449321-1765262324
  • Opcode ID: b27b002bbac53e39761a21271295db448d9f1833206a2f484025a2e99331b463
  • Instruction ID: 1c8ca7206ece274a587deff5d6e2d58f8b3b07721f6319aa5c6093283dabd28b
  • Opcode Fuzzy Hash: b27b002bbac53e39761a21271295db448d9f1833206a2f484025a2e99331b463
  • Instruction Fuzzy Hash: F951C521B1C64281E722EB11F850679A3A2FF89BA4FC00131D96E87AD0DF3CE7459790
APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
  • API String ID: 808467561-2761157908
  • Opcode ID: 94977d05d900b6566efd8f8adf9257c76ae18d212f4fd91438a86a755b8bff77
  • Instruction ID: 9596e478c3c4089820dedcb962e7ab52b58ed5e8e7d52cce2958f19346ed5435
  • Opcode Fuzzy Hash: 94977d05d900b6566efd8f8adf9257c76ae18d212f4fd91438a86a755b8bff77
  • Instruction Fuzzy Hash: 01B2EC72A2C2428BE7669F24E4417FDB7A2FF44348F905535DA1967AC4DF38AB04CB90
APIs
Strings
Similarity
  • API ID: CriticalEnterLocalSectionTime
  • String ID: %04d-%02d-%02d %02d:%02d:%02d.%03d %s $DEBUG$ERROR$FATAL$INFO $WARN
  • API String ID: 2469148585-4231340356
  • Opcode ID: 2597bfd73d96a92fbb1b514ae3249cc5db4284addc68108b9c16f19098e5fe41
  • Instruction ID: 481ffdab86beda0c59aa549980aa1d80c05ffe429b9e5f8f9766212d595d3b9d
  • Opcode Fuzzy Hash: 2597bfd73d96a92fbb1b514ae3249cc5db4284addc68108b9c16f19098e5fe41
  • Instruction Fuzzy Hash: EAA1A232A0C681C6E761EB19B4443BAB7A1FB85740F844136EAAD83BD5DF3CD644DB90
APIs
Strings
Similarity
  • API ID: CriticalErrorFormatInitializeLastMessageSectionacceptgetsockname
  • String ID: %s: listenfd=%d accept error: %s:%d$accept$nio_accept
  • API String ID: 3048698552-2126876778
  • Opcode ID: 5035c34185fe9f7658a10c1f9d982b9b81385bb7a5c17de757153e9cf6f4d1b8
  • Instruction ID: 97b6af7f45563ddf67022f429efff89c609075a2de304f4283bfc03301d7aa93
  • Opcode Fuzzy Hash: 5035c34185fe9f7658a10c1f9d982b9b81385bb7a5c17de757153e9cf6f4d1b8
  • Instruction Fuzzy Hash: 15518071A0C64686EB26EF25F5402A9B7A2FF48780F840035DBAE477D5DF3CE20497A0
APIs
    • Part of subcall function 00007FF7FC6337A0: IsDebuggerPresent.KERNEL32 ref: 00007FF7FC6337A4
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC6337B9
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC6337CF
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC6337E5
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC6337FB
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC63380D
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC63381F
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC633831
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC633843
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC633855
    • Part of subcall function 00007FF7FC6337A0: GetModuleHandleA.KERNEL32 ref: 00007FF7FC633867
  • Sleep.KERNEL32 ref: 00007FF7FC633A45
  • SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7FC633A70
  • GetModuleFileNameA.KERNEL32 ref: 00007FF7FC633A85
Strings
Similarity
  • API ID: Module$Handle$DebuggerExceptionFileFilterNamePresentSleepUnhandled
  • String ID: PI is %g$PI iz %g$Publishers String: %s$failrestart
  • API String ID: 1973722469-2868698399
  • Opcode ID: 38f8c1c5cfc6faa3717d00a6030896d1a00fd76f7e667bf0a1e0139818ad5d82
  • Instruction ID: 1fa9bc1df0e097d37a131b629379ad9300d017b0654b238d8b221ee1f0f24962
  • Opcode Fuzzy Hash: 38f8c1c5cfc6faa3717d00a6030896d1a00fd76f7e667bf0a1e0139818ad5d82
  • Instruction Fuzzy Hash: 2131A220E0C64291FB16BB20B5510B8A393BF81340FC05532EA6D477D6DF2CE786A3E1
APIs
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID:
  • API String ID: 3215553584-0
  • Opcode ID: 44823c733fee6c087401eb24eff2077d4fd418421cc4644325c2a4096a67ec1f
  • Instruction ID: d1ecbec292c3ed8f006161426b9a3427fa68c465e1a6fd5bac300ac1116ec5c1
  • Opcode Fuzzy Hash: 44823c733fee6c087401eb24eff2077d4fd418421cc4644325c2a4096a67ec1f
  • Instruction Fuzzy Hash: 22C10162A1C68AD5E7667B11E0403B9B7B2EF80784F844130DA6D0B7C5CF7CE655A3A0
APIs
Similarity
  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
  • String ID:
  • API String ID: 3140674995-0
  • Opcode ID: 3aa4962954c373774c15e775262337055321cb4723e69ffbef18532d8b12cfbf
  • Instruction ID: 77f599876183503851333d7a5684c846d1da714b399982dc47e1399b8a02fc9c
  • Opcode Fuzzy Hash: 3aa4962954c373774c15e775262337055321cb4723e69ffbef18532d8b12cfbf
  • Instruction Fuzzy Hash: FE316172619A8186EB619F60F8407E97371FB84748F84443ADA5E47B98DF38D248C760
APIs
  • _get_daylight.LIBCMT ref: 00007FF7FC672C4D
    • Part of subcall function 00007FF7FC6725A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC6725BC
    • Part of subcall function 00007FF7FC66FE8C: HeapFree.KERNEL32(?,?,00000000,00007FF7FC67689E,?,?,?,00007FF7FC6768DB,?,?,00000000,00007FF7FC676DAC,?,?,?,00007FF7FC676CDF), ref: 00007FF7FC66FEA2
    • Part of subcall function 00007FF7FC66FE8C: GetLastError.KERNEL32(?,?,00000000,00007FF7FC67689E,?,?,?,00007FF7FC6768DB,?,?,00000000,00007FF7FC676DAC,?,?,?,00007FF7FC676CDF), ref: 00007FF7FC66FEAC
    • Part of subcall function 00007FF7FC66FE44: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7FC66FE22), ref: 00007FF7FC66FE4D
    • Part of subcall function 00007FF7FC66FE44: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7FC66FE22), ref: 00007FF7FC66FE72
  • _get_daylight.LIBCMT ref: 00007FF7FC672C3C
    • Part of subcall function 00007FF7FC672608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC67261C
  • _get_daylight.LIBCMT ref: 00007FF7FC672EB2
  • _get_daylight.LIBCMT ref: 00007FF7FC672EC3
  • _get_daylight.LIBCMT ref: 00007FF7FC672ED4
  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7FC673114), ref: 00007FF7FC672EFB
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
  • String ID:
  • API String ID: 4070488512-0
  • Opcode ID: fcd6a0617fed5623ffd15f19d81251f11a09093af4377abd19d97c9147f927b9
  • Instruction ID: 695fae86da9f5357feb231d1c781618be6548cb800bd1f3551e99cececf9c390
  • Opcode Fuzzy Hash: fcd6a0617fed5623ffd15f19d81251f11a09093af4377abd19d97c9147f927b9
  • Instruction Fuzzy Hash: 8ED1B722A2C24286E722FF25E4521B9A763FF44798FC04535DA6D47AC5DF3CE641C7A0
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
  • String ID:
  • API String ID: 1405656091-0
  • Opcode ID: 7f9f8c2286b992a3571da48dee6fc1aafa211247df59ddd8f9e67cd6f7412726
  • Instruction ID: 4d2044aa20a04da2c4119400801ae84409d45363c621c7a2936ee176556aae6b
  • Opcode Fuzzy Hash: 7f9f8c2286b992a3571da48dee6fc1aafa211247df59ddd8f9e67cd6f7412726
  • Instruction Fuzzy Hash: F191F9B2B08246C7DB599F25D94127873A6EB88784F848035DA0D4F7C9EF3CE641D790
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
  • String ID:
  • API String ID: 1239891234-0
  • Opcode ID: 0798591881c9f72b69899b3228b88d83dd936065891879449ee4bdf51197990d
  • Instruction ID: 63b01f8a4b002792845fa38a628899ef279dfaebd66177077ab73f10d63a9e53
  • Opcode Fuzzy Hash: 0798591881c9f72b69899b3228b88d83dd936065891879449ee4bdf51197990d
  • Instruction Fuzzy Hash: BE31833261CB8185DB619F25E8407AEB3A1FB88798F900135EAAD47B94DF3CC2458B50
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Heap$AllocErrorFreeLast_invalid_parameter_noinfo
  • String ID: Syst$emRo$ot
  • API String ID: 3361962657-3194604098
  • Opcode ID: c5aebbed3e4b89db9a12c1945780a0628a153ade22ea8a16ad15b950245b5415
  • Instruction ID: 905ba17128dedce744d1b7a6cf3ce5e587c73e056c5bfe1e8f10250848914e12
  • Opcode Fuzzy Hash: c5aebbed3e4b89db9a12c1945780a0628a153ade22ea8a16ad15b950245b5415
  • Instruction Fuzzy Hash: 4FD11321F1C65685FB13BB26A402279A7A2AF45B94F844931DE7D477C2DE3CE60283A0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: memcpy_s
  • String ID:
  • API String ID: 1502251526-3916222277
  • Opcode ID: 9c617c766be41cc4772cbbd00da1c632dd8d4be70535a18606b97553409b6b1d
  • Instruction ID: 11067e178b0d2b6439b3576509182e23520a880c36ae43315657018f3a43e53e
  • Opcode Fuzzy Hash: 9c617c766be41cc4772cbbd00da1c632dd8d4be70535a18606b97553409b6b1d
  • Instruction Fuzzy Hash: 30C1D472B1C686C7D721DF19F044A69B7A2F788784F848135DB5A4B784DB3CEA01EB90
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorLastrecv
  • String ID:
  • API String ID: 2514157807-3916222277
  • Opcode ID: 69bead48a98f2677fb338fb879258b11ab2121d9548b929dc63f68eceff4d45b
  • Instruction ID: cc9bda3a18a720b7ae78394c805fb448ac54ef64c229db16d08c78f8c1361ae4
  • Opcode Fuzzy Hash: 69bead48a98f2677fb338fb879258b11ab2121d9548b929dc63f68eceff4d45b
  • Instruction Fuzzy Hash: 0C41A322A0CA4286E726AB25F544379A7A2FF44B88F540035DA5D077D9CF3DEA41D7A0
APIs
  • _get_daylight.LIBCMT ref: 00007FF7FC672EB2
    • Part of subcall function 00007FF7FC672608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC67261C
  • _get_daylight.LIBCMT ref: 00007FF7FC672EC3
    • Part of subcall function 00007FF7FC6725A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC6725BC
  • _get_daylight.LIBCMT ref: 00007FF7FC672ED4
    • Part of subcall function 00007FF7FC6725D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC6725EC
    • Part of subcall function 00007FF7FC66FE8C: HeapFree.KERNEL32(?,?,00000000,00007FF7FC67689E,?,?,?,00007FF7FC6768DB,?,?,00000000,00007FF7FC676DAC,?,?,?,00007FF7FC676CDF), ref: 00007FF7FC66FEA2
    • Part of subcall function 00007FF7FC66FE8C: GetLastError.KERNEL32(?,?,00000000,00007FF7FC67689E,?,?,?,00007FF7FC6768DB,?,?,00000000,00007FF7FC676DAC,?,?,?,00007FF7FC676CDF), ref: 00007FF7FC66FEAC
  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7FC673114), ref: 00007FF7FC672EFB
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
  • String ID:
  • API String ID: 3458911817-0
  • Opcode ID: c495dc3030404285d7fae1c9408f612e0952d4a12b43253021cffed363c8997e
  • Instruction ID: 75bb75e64a0da18cd46ce629a8614d8cd282c27ac872faedfe63c0201d70ff7e
  • Opcode Fuzzy Hash: c495dc3030404285d7fae1c9408f612e0952d4a12b43253021cffed363c8997e
  • Instruction Fuzzy Hash: FB51B531A2C64286E711FF25F4811A9F762FF88788F804535EA6D47AD5DF3CE60187A0
APIs
  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC668D4C
    • Part of subcall function 00007FF7FC66FE44: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7FC66FE22), ref: 00007FF7FC66FE4D
    • Part of subcall function 00007FF7FC66FE44: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7FC66FE22), ref: 00007FF7FC66FE72
  • _get_daylight.LIBCMT ref: 00007FF7FC668D64
  • GetTimeZoneInformation.KERNEL32(?), ref: 00007FF7FC668DBD
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CurrentFeatureInformationPresentProcessProcessorTimeZone_get_daylight_invalid_parameter_noinfo
  • String ID:
  • API String ID: 341842238-0
  • Opcode ID: d04244495e1b66ef0c59aa018d0b454dd41c62d30dac1fbdec583e1a5e4f9d6a
  • Instruction ID: 551ba27ffee650f5cf189c317ef71d912ce8455e7169795918d99ace077a0033
  • Opcode Fuzzy Hash: d04244495e1b66ef0c59aa018d0b454dd41c62d30dac1fbdec583e1a5e4f9d6a
  • Instruction Fuzzy Hash: 61411B71A1C685C3EB21EB25F441669F3B1EB98380F804031EA6D4BBD5DE3CE61597A0
APIs
  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC6771F5
    • Part of subcall function 00007FF7FC66F2C0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC66F2E5
    • Part of subcall function 00007FF7FC67B7A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC67B7C8
    • Part of subcall function 00007FF7FC66FE8C: HeapFree.KERNEL32(?,?,00000000,00007FF7FC67689E,?,?,?,00007FF7FC6768DB,?,?,00000000,00007FF7FC676DAC,?,?,?,00007FF7FC676CDF), ref: 00007FF7FC66FEA2
    • Part of subcall function 00007FF7FC66FE8C: GetLastError.KERNEL32(?,?,00000000,00007FF7FC67689E,?,?,?,00007FF7FC6768DB,?,?,00000000,00007FF7FC676DAC,?,?,?,00007FF7FC676CDF), ref: 00007FF7FC66FEAC
    • Part of subcall function 00007FF7FC677408: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC677446
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _invalid_parameter_noinfo$ErrorFreeHeapLast
  • String ID: .com
  • API String ID: 3231943733-4200470757
  • Opcode ID: 5163f831635ade5d1d25dea64f65b28b677b5d0454b2cfdd1c768fc2a7d7e510
  • Instruction ID: c6250bdca4003b7d1efa74445dece189324bb8ab119cccfd2c97f99ce509c394
  • Opcode Fuzzy Hash: 5163f831635ade5d1d25dea64f65b28b677b5d0454b2cfdd1c768fc2a7d7e510
  • Instruction Fuzzy Hash: 0C51C521B1D24685FB57BB2274122B9A6925F44BD0FC84935EE3D4B7C2ED3CE64193A0
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ExceptionRaise_clrfp
  • String ID:
  • API String ID: 15204871-0
  • Opcode ID: 91101ea6d4d1e22c1651e5bec2d4321bfc7c886ab5947b56058ebf5ba378ea58
  • Instruction ID: 2dd7fe6252110a5a2948e3ec7bb052bf0635e0ecb5fee8385108864047ad1125
  • Opcode Fuzzy Hash: 91101ea6d4d1e22c1651e5bec2d4321bfc7c886ab5947b56058ebf5ba378ea58
  • Instruction Fuzzy Hash: C5B18D73614B848BEB1ACF29D88236C77A1FB44B48F558E21DA6D837A8CF39E451C750
Strings
  • GET %s HTTP/1.1Host: %s:%uConnection: UpgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: %s, xrefs: 00007FF7FC63291F
  • 5B11, xrefs: 00007FF7FC632523
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Time$FileSystem
  • String ID: 5B11$GET %s HTTP/1.1Host: %s:%uConnection: UpgradeUpgrade: websocketSec-WebSocket-Version: 13Sec-WebSocket-Key: %s
  • API String ID: 2086374402-794519000
  • Opcode ID: 921c4af0c181496f294f62a38c940d4fcd0fe8b2dbdb5fd324a9a49373cf28d9
  • Instruction ID: a152425564dfab99c21761e47026249fdbc7b499aa3b0a8d672d20a1bae50a6a
  • Opcode Fuzzy Hash: 921c4af0c181496f294f62a38c940d4fcd0fe8b2dbdb5fd324a9a49373cf28d9
  • Instruction Fuzzy Hash: 85123622E1C6D18AE702DB34A4401FCBBA2FB55348F844236DB9D57B96DF38D644D790
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID: e+000$gfff
  • API String ID: 0-3030954782
  • Opcode ID: 743d17c536c3acb4faa3d1e0b4cbecebac279131506d3cff5c916ed50d1c0d34
  • Instruction ID: 652555be4137e8b9253c9230268b1321225936523da77b503c42b8cbeb479354
  • Opcode Fuzzy Hash: 743d17c536c3acb4faa3d1e0b4cbecebac279131506d3cff5c916ed50d1c0d34
  • Instruction Fuzzy Hash: C6516F32B2C2C586E7259E35A801769B7A2EB44794F888632CB7C4BAC1CE3DD6448750
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CurrentFeaturePresentProcessProcessor
  • String ID:
  • API String ID: 1010374628-0
  • Opcode ID: 528a9d37f7c15d032e9b58aff48201233967a64c63467e5491b9974470917cd8
  • Instruction ID: 655c48d470e42b6865026e71362ecfdc37547772de48fe622180d4e2ace8d27e
  • Opcode Fuzzy Hash: 528a9d37f7c15d032e9b58aff48201233967a64c63467e5491b9974470917cd8
  • Instruction Fuzzy Hash: 4902B221B2D64680FF57BB15B402279A6A2AF45BA0FC44A34DD3D477D2DE3EE60193B0
APIs
  • _get_daylight.LIBCMT ref: 00007FF7FC679BC3
    • Part of subcall function 00007FF7FC66CBB0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC66CBC4
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _get_daylight_invalid_parameter_noinfo
  • String ID:
  • API String ID: 474895018-0
  • Opcode ID: dc4a74eea7a477c4df8af67b9e1934f95e463f04dc8dc656f0493684778af3c9
  • Instruction ID: c509f32d82677ab32420d9ccdaf4e8f0012ce38134406c23dc02e51cbbcfd617
  • Opcode Fuzzy Hash: dc4a74eea7a477c4df8af67b9e1934f95e463f04dc8dc656f0493684778af3c9
  • Instruction Fuzzy Hash: 71612922F3C94345FF66A928A442738E6D3DF80760F940A35DA3D877C1DE6DEA4087A0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: e92eaa9f3f9c8a72a361cfe99b59cd0f8e2f00a809d9046e8a18eda8ba706880
  • Instruction ID: 7bbd170235b4684fac9aeec708571790229b0879ee4480a907dd289ae7fa7392
  • Opcode Fuzzy Hash: e92eaa9f3f9c8a72a361cfe99b59cd0f8e2f00a809d9046e8a18eda8ba706880
  • Instruction Fuzzy Hash: A951F422B1868185EB11EB72B8442BEBBA6FF44794F444534EE6C67BC5DE38D6018740
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID: gj
  • API String ID: 0-4203073231
  • Opcode ID: d45b10ad3b2151ddd32aa446e278412b81bba7ecffa2f7fb7a038ec031745dde
  • Instruction ID: 4ff4a0acd8d8dadc145b8da3e857c35fc1d3563e0ad467efda3c1fe32934d8d9
  • Opcode Fuzzy Hash: d45b10ad3b2151ddd32aa446e278412b81bba7ecffa2f7fb7a038ec031745dde
  • Instruction Fuzzy Hash: B6E1D532F1CB818AE751DF25E8443ADB3A2F798388F518635DA5C57B98EF38D6818740
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID: gfffffff
  • API String ID: 0-1523873471
  • Opcode ID: 0b77216125b6e619cb9227bd532c63d66f653560c1cfc9f1d2017feead92d9e4
  • Instruction ID: 803c1ea11f87b3e797135cb4f57288baa18138aa1a72f7d354639add7dbd04d8
  • Opcode Fuzzy Hash: 0b77216125b6e619cb9227bd532c63d66f653560c1cfc9f1d2017feead92d9e4
  • Instruction Fuzzy Hash: A3A17762B2C3C686EB22DB25A0117ADB792EF50784F408532DE6D877C5DE3DE602C761
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID: 0-3916222277
  • Opcode ID: c0819437cd11de507717a0fbd2ead8c8a07a9ae06109f402f139278b5aa7719d
  • Instruction ID: 7728324123958e226f8b9a09040210bcb675df4ae0b496f1a056439f797f7c45
  • Opcode Fuzzy Hash: c0819437cd11de507717a0fbd2ead8c8a07a9ae06109f402f139278b5aa7719d
  • Instruction Fuzzy Hash: 87B1A07290C681C6E7669F25F05027CBBB6EB05B48F545139CA5D0B3D9CF3AE640EBA0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Time$FileSystem
  • String ID: ~
  • API String ID: 2086374402-1707062198
  • Opcode ID: 1075f9c84109008ba55c20227a48bd52cd11674ec28416f1a18bdf60043683f3
  • Instruction ID: dc407183ba17a8b489883fc20afcb4f031aea375453e0ff11a04d327f45fe40f
  • Opcode Fuzzy Hash: 1075f9c84109008ba55c20227a48bd52cd11674ec28416f1a18bdf60043683f3
  • Instruction Fuzzy Hash: FF412C22A2C386CAD752A734B04076AFB62EF55784F801175F5DE477C6DB2CE205CBA0
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
  • Opcode ID: 94bc10a54148eefe9ceff7ccb0c76e7796384e5c14830a5c4708bf62de7db876
  • Instruction ID: 3b6999e8624a58fe73dfb576602293ee4855268fbc83dc3a7f1eafc837b450ef
  • Opcode Fuzzy Hash: 94bc10a54148eefe9ceff7ccb0c76e7796384e5c14830a5c4708bf62de7db876
  • Instruction Fuzzy Hash: CEB09220E1BA02C2EB0A3B117C8662462A6BF58700FD940B9C02C51360DE3C22A55761
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 92621d7599ebe439fe42cc1797d0e05a6523d76aa08d1b2b7dbf6255f2c13953
  • Instruction ID: 03117e7f68578d1ff426a450729ff7c132421495bc63e49250a760bc0508684d
  • Opcode Fuzzy Hash: 92621d7599ebe439fe42cc1797d0e05a6523d76aa08d1b2b7dbf6255f2c13953
  • Instruction Fuzzy Hash: D5824D737182408FC75CCF29E455AAABBA2F388758B149129EA4AC3F54DB3CE955CF40
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c17bbcaea6f53b856a72ccf3d7ef818591429301e71fa72aaa348ac819a5d51c
  • Instruction ID: cf2220ee7611e854123ef1280d59bf8c5a0e3c7e15c30fe8dabbdd48bc7cd505
  • Opcode Fuzzy Hash: c17bbcaea6f53b856a72ccf3d7ef818591429301e71fa72aaa348ac819a5d51c
  • Instruction Fuzzy Hash: 85620B736141B08BE30D8F2AA8644BE7BA2F789B4E786511DEF5317B84C63D9901DB60
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2271f063c9215e53fe3b024b9c01aa595ac5e10d559468093cf72c5e95bdff60
  • Instruction ID: f501d3d6b6d0e0d42c8261b5f542685ce73e881845a7988d34c38417da7fba1a
  • Opcode Fuzzy Hash: 2271f063c9215e53fe3b024b9c01aa595ac5e10d559468093cf72c5e95bdff60
  • Instruction Fuzzy Hash: 6B42B251B1C65345FB02BB61E4542BD93A6AF44788FE15832CB2D876C7FF28E64683E0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d2418c9fa71224c502d4934d6023f4d5fcfec831842793d73c13778dee5b0c58
  • Instruction ID: a326840f01aed42c261a2d62f04cc4e70da32cd243171b8dcad2011c9332eca8
  • Opcode Fuzzy Hash: d2418c9fa71224c502d4934d6023f4d5fcfec831842793d73c13778dee5b0c58
  • Instruction Fuzzy Hash: 8B2208736281F04BD315CF3E585456EBFE2F38A241B86922AEBE5C7B81D53C8521DB60
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 4a8fd08a2100bc0befe53d67f516bfc4f70f51cae2565980cfab93f137b2a2db
  • Instruction ID: bc77c36872948ebd39904b664016dede8f62e8fe7c02d7ad889044a45c2e8619
  • Opcode Fuzzy Hash: 4a8fd08a2100bc0befe53d67f516bfc4f70f51cae2565980cfab93f137b2a2db
  • Instruction Fuzzy Hash: A8020373B35B744BDB298B3AD058E5837A5E36CB847617435CB0D83B90EA6AD581CB80
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d42102d7047cbcbd42aa564f36cfd8bf48a89de50692ae3daa28a87a6dfced6a
  • Instruction ID: cf9e4c5db2bb36a5a6e91722f1091e7dd02fa5b358a69b1695cb9a37ec22374d
  • Opcode Fuzzy Hash: d42102d7047cbcbd42aa564f36cfd8bf48a89de50692ae3daa28a87a6dfced6a
  • Instruction Fuzzy Hash: 3E12BFB2710B8886EE90CB99A8547DE73A5F748BC4F505526CE8CA7B56DF3CD262C340
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: a4ed367f959ce28c92b79e23bf3bb6af92d8393ea750d5e465e105adba5229b8
  • Instruction ID: fe66f450c09aca918dcceb38de0b4c2e4bd89982037c74529e854b168de0bd99
  • Opcode Fuzzy Hash: a4ed367f959ce28c92b79e23bf3bb6af92d8393ea750d5e465e105adba5229b8
  • Instruction Fuzzy Hash: 34E1B233B35B744ADB749B7AC058D5C37D6E368780766A429DB1983B42FA6BD480CF80
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 34ad1c42be24ac742940249f0e72c1ae076a6b375364427af3c6b9fe392f6a80
  • Instruction ID: cc09084464edc128c05b374e9e4ea3db2f997d3751e1002cdc6eaad17a869c6a
  • Opcode Fuzzy Hash: 34ad1c42be24ac742940249f0e72c1ae076a6b375364427af3c6b9fe392f6a80
  • Instruction Fuzzy Hash: A4E1D62191C642C5EB26AB29F144379B7B3EB44748F844135DD2D4F2D5CF3AEA42EBA0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b2ef2c0cc6f4c81c6fd1a380fe6c68dd61e59c07dbb547c225c3a0418a23765c
  • Instruction ID: 57206bb6cbb7a360aae54ed7b4d492fd3b668e3f1a992060dbb526b7e0b2d434
  • Opcode Fuzzy Hash: b2ef2c0cc6f4c81c6fd1a380fe6c68dd61e59c07dbb547c225c3a0418a23765c
  • Instruction Fuzzy Hash: 5FB1EAEBF50A9893F7184BD5F511FC4A755A3A8BC9F56A012EB4C1B795DB38CA83C200
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: f6503c616bba213ebfb5ed89022520266626e9c1e1fc310beb7f09136b1ff649
  • Instruction ID: fa8b66fd569213540721580168df569b3ac5572828db72367e978ecf07c757ab
  • Opcode Fuzzy Hash: f6503c616bba213ebfb5ed89022520266626e9c1e1fc310beb7f09136b1ff649
  • Instruction Fuzzy Hash: 71D1FA2290C646C5E7269B25E42027DF7B2EB05B48F941136DE6D0B3D5DF39EA42E3E0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6bc460fc4450e51cbb4f17b917272610f50bb3c4fa67319cacb8d3ed8ec7d87c
  • Instruction ID: deb306b0532f9cd38c3da239ecf708189f24a50ef66d50cf8ed27654f0be96d2
  • Opcode Fuzzy Hash: 6bc460fc4450e51cbb4f17b917272610f50bb3c4fa67319cacb8d3ed8ec7d87c
  • Instruction Fuzzy Hash: 68A14623B1D2C49BC715DB28A5401BCBB61F76A344B44813AEB9D87B83DB1CE7A5C760
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 92f876d161380dba5c5b9b7e7c74c7f86a1e32815e9f411862ddd9436122f05a
  • Instruction ID: de12ddba270862305ea9f52652849f8fdfe3f4648ccd489205d71532d709ad3f
  • Opcode Fuzzy Hash: 92f876d161380dba5c5b9b7e7c74c7f86a1e32815e9f411862ddd9436122f05a
  • Instruction Fuzzy Hash: BEB1BE7290C651C6E7669F39F05013CBBB2E705B48F640139CA5E4A3D5CF3ADA41EBA1
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: de382bcf8cc99a276a38a4b30af58462e61b96a58a4e5f315db5b1b179a5a5f0
  • Instruction ID: 78398923ccb98628fe7472a5520b4a0efcf4f9869e98694a539074cadd2d8645
  • Opcode Fuzzy Hash: de382bcf8cc99a276a38a4b30af58462e61b96a58a4e5f315db5b1b179a5a5f0
  • Instruction Fuzzy Hash: 0281F661B1D78A82EF11DB65B4147B9A392AB84BC4FA04832CF1D5B7E4DE3CE205C391
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: ff9a88f4d0a2b8cd525dd46dc1b482681b373fc98c5b8a6b3428221cccbc8822
  • Instruction ID: 52c4b9e8b03630cbb4793cc9566b2177fd3d1d89d2befd4eff19c681061ad54a
  • Opcode Fuzzy Hash: ff9a88f4d0a2b8cd525dd46dc1b482681b373fc98c5b8a6b3428221cccbc8822
  • Instruction Fuzzy Hash: E9A1F1B3A14BC586EB019B6CD4055FC7B71F795B88F908A26DF9922B86EF38C245C340
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b3ba195ab129d177cf15470f2d304009888bdaa519c2611d0e709428962b9620
  • Instruction ID: a188174acd9c69e3d6e8cce1882db5947682615b6b1989c83d2b3a156cd5d7c2
  • Opcode Fuzzy Hash: b3ba195ab129d177cf15470f2d304009888bdaa519c2611d0e709428962b9620
  • Instruction Fuzzy Hash: 3091B522A1CAC585EB12DF38E4003F9B752FB95788F808631DA5D5B686EF38D746C350
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: f0ca63818ebd3f2a8a24c03220a7c71181de3bef335190e4b7ea2f2d0334146f
  • Instruction ID: ff21605b31ed68f4948005720c2784a66164ddb8a1e67a97a971434222bb08f2
  • Opcode Fuzzy Hash: f0ca63818ebd3f2a8a24c03220a7c71181de3bef335190e4b7ea2f2d0334146f
  • Instruction Fuzzy Hash: 9051145670C64A46FF059B66FC79476E392B788FC0B806576EE0E4FBA0DD3CD2048280
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c9c86acf529f5b2cc2242500851b6b1b55747b431a9708dc0c9a7a0153c82768
  • Instruction ID: 93b6ac5e489ffd82968f90ebbb7ec4d4353b159a56562c24e3e90a4458fb6fe7
  • Opcode Fuzzy Hash: c9c86acf529f5b2cc2242500851b6b1b55747b431a9708dc0c9a7a0153c82768
  • Instruction Fuzzy Hash: E1810572A2C38186EB75DB29B4423A9E692FF45794F944636DAAD43BC4CE3CD6008B50
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 1f60a31c4ad09d14e9123143b5f3da6dae12f157504b53d32295367bb09af5bb
  • Instruction ID: 12f78e0c9e1d46f760ede78fef5f196758d858b3ca2a44be01d550cabc1c5717
  • Opcode Fuzzy Hash: 1f60a31c4ad09d14e9123143b5f3da6dae12f157504b53d32295367bb09af5bb
  • Instruction Fuzzy Hash: 2F71E612B2C78589FB12DB79A4003ECBB61AB09798F80413ADE5D67BCADE2C9105D364
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c70fcc6d2f745d6f2e57616c5dc213991aa92345361ff64c99e669cdafca7c53
  • Instruction ID: e3f5497733f25f35800bb37a4fbf7838c1b1ca3b662b44775d776a4ddd6332e4
  • Opcode Fuzzy Hash: c70fcc6d2f745d6f2e57616c5dc213991aa92345361ff64c99e669cdafca7c53
  • Instruction Fuzzy Hash: 2571F773B19BC586EB51CB28E0047ADBB65F795B80FA18626DB9D13781EF78C248C300
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 68ddb009433fa70c244f5a884ae9656cd9f3fce7be4869a1d77461a12e29a26f
  • Instruction ID: 352db0a3987fa874094c1aaf5ebbe4341b32a5db0a6cbdbb5a50dcb6a584d630
  • Opcode Fuzzy Hash: 68ddb009433fa70c244f5a884ae9656cd9f3fce7be4869a1d77461a12e29a26f
  • Instruction Fuzzy Hash: 8C619D66718B8582DB618B42F9847AAB7A5F789BC0F948536EF8D07B98CF3CC144C744
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: adfeac1bd3304b4a1e6a7fbbe558844cc07f26f4c1fdcf66a2fc5f6c0c862aa6
  • Instruction ID: a0c9fa474ba595d2c573f24eee8f21f7b3f08044eac9ce31cc931f317635bae8
  • Opcode Fuzzy Hash: adfeac1bd3304b4a1e6a7fbbe558844cc07f26f4c1fdcf66a2fc5f6c0c862aa6
  • Instruction Fuzzy Hash: 2F61343251CAE086D75D8B35A8643FABBD2F785349F88413AEA9583BC5CB3DC209D750
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 873f693b30f5c65fb76adcbf181ea59e2c7cbea22cf0cc1061d4f193e3fcacee
  • Instruction ID: 5e6a6b644bdaa788872ed698d9aceb0c4b73d4c514ed6930cae7c94ab6a381d1
  • Opcode Fuzzy Hash: 873f693b30f5c65fb76adcbf181ea59e2c7cbea22cf0cc1061d4f193e3fcacee
  • Instruction Fuzzy Hash: B151D136E0C651C2E32A9F28E05623CBBB2EB51B58F550134CE595B7E8CB28ED41D7E0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: acdf8ffe72d86e576cbec3b8d14af3ad82b557eb2b43dd30e6bad1462f6913e5
  • Instruction ID: f6c4583e2f22d2e0847af4c5bb9b10028dd52c046d72ca94193439370e0fc51f
  • Opcode Fuzzy Hash: acdf8ffe72d86e576cbec3b8d14af3ad82b557eb2b43dd30e6bad1462f6913e5
  • Instruction Fuzzy Hash: CD51B432E0C551C2E72A9E28E05623CB7B2EB51B68F540239CA5E1F7D8CB28ED41D7D0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0c64ec5268596af1e9d24b2acb5ca02d719bf75dbfd60e7866810f2e9333da9d
  • Instruction ID: 77f77b0c7caed1ddb3d897e1ff2ec3e024ec3d692a60a9896f6665186745b42e
  • Opcode Fuzzy Hash: 0c64ec5268596af1e9d24b2acb5ca02d719bf75dbfd60e7866810f2e9333da9d
  • Instruction Fuzzy Hash: 5A51A136E0C651C2E72A9E28E0A623CB7B2EB55B58F544134CE591B7D8CF28ED41D7D0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d173431a2417d4285eaf026b347f4fb1b9c2118ffa6be24429bd66fe4c9a859a
  • Instruction ID: 68d7d76a199087d5712ce969d6972ad03f8c30584babd20708b19194bbdbddc8
  • Opcode Fuzzy Hash: d173431a2417d4285eaf026b347f4fb1b9c2118ffa6be24429bd66fe4c9a859a
  • Instruction Fuzzy Hash: A5519E32B08BC581EB609B52B900B9AB76AF789BD4F544226EF9D07B89DF3CD141C740
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 08c524c9c78a862af1745958744b5c2d62787455e303d3867a5036d2ae2bf7b5
  • Instruction ID: 36a8e3f9933974ca1b490642815a364f37900ee945a9c0c776c8088bde288c1c
  • Opcode Fuzzy Hash: 08c524c9c78a862af1745958744b5c2d62787455e303d3867a5036d2ae2bf7b5
  • Instruction Fuzzy Hash: E161B8322086E04ED352CB25B424DADBFA2F38974DF698161DFE883755C63DDA16CB50
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorFreeHeapLast
  • String ID:
  • API String ID: 485612231-0
  • Opcode ID: 58b56ff6570d042ba26bae95609e2a3793c5a130c44a7fb727c2999642a263ed
  • Instruction ID: 5441dee724683c128d31a739e9b47780c64d2f7615d9cb77e21191a25888f70f
  • Opcode Fuzzy Hash: 58b56ff6570d042ba26bae95609e2a3793c5a130c44a7fb727c2999642a263ed
  • Instruction Fuzzy Hash: 7341DA22718E5481EF44DF2AE914269F3A2FB48FD4B899032DE5D97B98DE3CD6428340
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c712cdfe6cab55e2db6fd941e22f4731d3ad4fcfcfed6b6791452866a93bd8ae
  • Instruction ID: 35a2da406bf3872a3b5983b384bf3c8b71cd705ef165487084825417fb7664e6
  • Opcode Fuzzy Hash: c712cdfe6cab55e2db6fd941e22f4731d3ad4fcfcfed6b6791452866a93bd8ae
  • Instruction Fuzzy Hash: EF31979670874A42FF44DB62ED754B6E3A2B749BC0740A977EE1D1FBA4DE2CD10582C0
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8bc8bb0ed71d768a260c20b94f5e8cb061850ce0b52692cd5f5d793643093fda
  • Instruction ID: 9c8d6f9caf81d65026e1cac9eeff1cbff6cb20aef629488f869481fa5f5e4278
  • Opcode Fuzzy Hash: 8bc8bb0ed71d768a260c20b94f5e8cb061850ce0b52692cd5f5d793643093fda
  • Instruction Fuzzy Hash: 9F213E5670C79582EB158B21B8640A6FBE1F789BC0B449571EE5D0FB95DD3CD104C290
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2ca1109ee5ef39dff2917ecd3d8601a5c60b1794c92cf774940c04de4e0da762
  • Instruction ID: 045fdef78004719bb697875b66d97098bf5825e242c1531b7479beab71941885
  • Opcode Fuzzy Hash: 2ca1109ee5ef39dff2917ecd3d8601a5c60b1794c92cf774940c04de4e0da762
  • Instruction Fuzzy Hash: 66F0C87172C2518ADB959F28B44262977D1F7083C0F8084B9E69C83F44CA3D81508F65
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 265d9db31a5253be0842e5cec1029d5c51dac0b65acb6294967fdfc75bc4e867
  • Instruction ID: d66f685ea388ed4dc849af42b91a82fc37bbfdacda6d4cee4768e65c360b12ae
  • Opcode Fuzzy Hash: 265d9db31a5253be0842e5cec1029d5c51dac0b65acb6294967fdfc75bc4e867
  • Instruction Fuzzy Hash: CBA0012591C802D0E74AAB11B865520A332BB50380B804431D02E851E0AE2CA60092A1
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: AddressProc$ErrorHandleLastModuleStartup
  • String ID: NtCancelIoFileEx$NtCreateFile$NtCreateKeyedEvent$NtDeviceIoControlFile$NtReleaseKeyedEvent$NtWaitForKeyedEvent$RtlNtStatusToDosError$ntdll.dll
  • API String ID: 1380963564-2510998476
  • Opcode ID: 71dbbe17fa6bad75869f52aaeeb9466299c6ba19eb38ce683c381d81f2405cf2
  • Instruction ID: d50a116064bacb752f1484863599d1f09f592c2f5235209db64c048643d1bebf
  • Opcode Fuzzy Hash: 71dbbe17fa6bad75869f52aaeeb9466299c6ba19eb38ce683c381d81f2405cf2
  • Instruction Fuzzy Hash: FA41DA20A1DB02C1FB56BF14B854675A3A2BF48B54FC40879C82D827E1EF3CA655D3B1
APIs
  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,00007FF7FC631374), ref: 00007FF7FC6385EC
  • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,00007FF7FC631374), ref: 00007FF7FC638610
  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,00007FF7FC631374), ref: 00007FF7FC6386C0
    • Part of subcall function 00007FF7FC63A830: InitializeCriticalSection.KERNEL32 ref: 00007FF7FC63A95F
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalSection$EnterErrorInitializeLastLeave
  • String ID: %s: hio_write called but fd[%d] already closed!$%s: try_write failed, enqueue!$%s: write bufsize > %u, close it!$%s: write len=%u enqueue %u, bufsize=%u over high water %u$hio_write$malloc failed!$realloc failed!
  • API String ID: 3864342741-2731922272
  • Opcode ID: 1f33018dfb81c9b853c9b37d17f0eb0d09286a8a8a498878fe42afcfd17feced
  • Instruction ID: 958d2cb2cc7207a507a8e82a196874ae3305a43869c46901a536eabc700ad4c4
  • Opcode Fuzzy Hash: 1f33018dfb81c9b853c9b37d17f0eb0d09286a8a8a498878fe42afcfd17feced
  • Instruction Fuzzy Hash: 5CB15061A0CB8282EB52AF65B4003A9B362FF84B84F844236DE6D077D5DF3DD645D7A0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalSection$Leave$CurrentEnterThread
  • String ID: %s: write_queue not empty, close later.$hio_close
  • API String ID: 2905768538-3843657322
  • Opcode ID: fce9569a440a40374af995b01fbf4b06b741a56e9ef7516262629a05d4e63768
  • Instruction ID: 8f2d2c9858b024479f4cf87502ecb43b4789289446ce741cebc28e5c35f39483
  • Opcode Fuzzy Hash: fce9569a440a40374af995b01fbf4b06b741a56e9ef7516262629a05d4e63768
  • Instruction Fuzzy Hash: 28B15C32A0DA4185EB96AF61E4903E8B3A1FF48F48F880135DE1D4B395CF39E645D7A0
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CloseHandle$CodeErrorExitLastObjectProcessSingleWait_invalid_parameter_noinfo
  • String ID:
  • API String ID: 2936579111-0
  • Opcode ID: 243e5399bb8befccb1251cfa5e264fef61fd5386aef9b70af64260ac6450a9f7
  • Instruction ID: 8f0d90a749e63a60a2f1fce73792faa4af19423716c6c07d824e416f79873160
  • Opcode Fuzzy Hash: 243e5399bb8befccb1251cfa5e264fef61fd5386aef9b70af64260ac6450a9f7
  • Instruction Fuzzy Hash: E0616D21B1DA0286FB12AB65E4011BCB7A3AF44B94F840935DD2D1BBC9CE38E615C3E1
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalSection$Count64EnterErrorLastLeaveTick$CompletionQueuedStatus
  • String ID:
  • API String ID: 4221809125-0
  • Opcode ID: 4831ab57cb3c9d5880a4cdda0421dd2e069bd95674f4f3e4e1139edc32a8f4df
  • Instruction ID: 39d891deb7eb341199142c24a70719684fb4f55a9406c3b39d172ba593a99a45
  • Opcode Fuzzy Hash: 4831ab57cb3c9d5880a4cdda0421dd2e069bd95674f4f3e4e1139edc32a8f4df
  • Instruction Fuzzy Hash: 49516332A1CA4282EB62BB24F415779A3A2FF85740F800435EA6E437D5DE3CE645D7B0
APIs
  • __FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF7FC663D24
    • Part of subcall function 00007FF7FC664C08: _GetEstablisherFrame.LIBVCRUNTIME ref: 00007FF7FC664C3D
    • Part of subcall function 00007FF7FC664C08: __GetUnwindTryBlock.LIBCMT ref: 00007FF7FC664C4B
    • Part of subcall function 00007FF7FC664C08: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF7FC664C70
  • Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7FC663DFC
  • __FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF7FC664042
  • _GetEstablisherFrame.LIBVCRUNTIME ref: 00007FF7FC664094
  • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7FC66414E
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
  • String ID: csm$csm$csm
  • API String ID: 3606184308-393685449
  • Opcode ID: e87e9ccc8039837527bc66d3a4b0a044b6cd738ae3f484c4334554ac4860dfed
  • Instruction ID: c58bcfacb3d723325e61e23aec2223a6ea163c7747ef137a22e4f5b1ea003ef2
  • Opcode Fuzzy Hash: e87e9ccc8039837527bc66d3a4b0a044b6cd738ae3f484c4334554ac4860dfed
  • Instruction Fuzzy Hash: 83D16E32A0CB41CAEB21EB65E4402BDB7B1FB95798F800135DA5D5BB85CF38E291D790
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalSection$Leave$EnterErrorLast
  • String ID:
  • API String ID: 3832147951-3916222277
  • Opcode ID: 2f50e438dd6bb3ec30cb49d9fb8f8fb95daf8337c89d72eb8ff2dc253273a67b
  • Instruction ID: 28d020504a5be3c48d79a80bfe38697b57869c551a82263309521412e0317709
  • Opcode Fuzzy Hash: 2f50e438dd6bb3ec30cb49d9fb8f8fb95daf8337c89d72eb8ff2dc253273a67b
  • Instruction Fuzzy Hash: 20519E32A0CA4282EB56AF25E4447ADB3A2FB48B84F444532DE5D477D4CF3DD688D7A0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: inet_pton$Startupfreeaddrinfogetaddrinfohtonlhtons
  • String ID: TCP
  • API String ID: 2629855691-617288268
  • Opcode ID: 260fe9b370a76108944f1a3261a8c1365df58255e94d92b3178fbd82ebff05b4
  • Instruction ID: 09702120d05035548d6a6e146299eaca3494e31d5a5785e394b751a93d81ff2a
  • Opcode Fuzzy Hash: 260fe9b370a76108944f1a3261a8c1365df58255e94d92b3178fbd82ebff05b4
  • Instruction Fuzzy Hash: 0C418161A1C65182FB66AB21E50537DA3A3FF88B84F848035CA9D4B7D4DF3CDA81D391
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
  • String ID:
  • API String ID: 1330151763-0
  • Opcode ID: 9f7ff1bb014ad17c976432201deef6a39acbdabc24bcf67d3c04b1e32eb014f4
  • Instruction ID: d074b907517d8242e463c866f429ccf4324fe7ca1e5c9755852de097e46c5413
  • Opcode Fuzzy Hash: 9f7ff1bb014ad17c976432201deef6a39acbdabc24bcf67d3c04b1e32eb014f4
  • Instruction Fuzzy Hash: 8EC1D232B28A4185EB11DFA4E4816AC7772FB48BA8B405735DB2E977D5CF38D251C390
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ExclusiveLock$CriticalErrorLastOnceReleaseSection$AcquireCloseEnterExecuteHandleInitLeave
  • String ID:
  • API String ID: 3058501189-0
  • Opcode ID: 2ed70be1f92b668a73725abd9ca2bb93e9a33c7e95fb1575a4d87809898d823d
  • Instruction ID: 4ec5563adcff39ada8f0f9e0ad7054a437fcd5317bf244bda95a5f3c8e2b6a68
  • Opcode Fuzzy Hash: 2ed70be1f92b668a73725abd9ca2bb93e9a33c7e95fb1575a4d87809898d823d
  • Instruction Fuzzy Hash: 75518131A0CA4282EB22BF65F850679A362FF44B54FC40475DA2E476D6DE3CE641E3E0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: 0$f$p$p
  • API String ID: 3215553584-1202675169
  • Opcode ID: 826de8a9f262bf44efbc94f48982ea975ff41122d38ded1881f0fca0297de001
  • Instruction ID: 8c69aa051d6661e00e6cf93fce634e77323dc7a93009ec543935411558fe2f13
  • Opcode Fuzzy Hash: 826de8a9f262bf44efbc94f48982ea975ff41122d38ded1881f0fca0297de001
  • Instruction Fuzzy Hash: E112D361E0C143C6FB627A34B05427AF6B3EB48754FC44035D6AA4B6C5DB3CE648ABE1
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorLast$Ioctl
  • String ID:
  • API String ID: 431296074-0
  • Opcode ID: f6b6d075c73456cf7194f78dea7e32ee2c54bf9d2fb2a242bf8fd9b4dd9dbe74
  • Instruction ID: 36d41abd7ea86a974e8ffb86521772cbe29b5021869744e9d0b174b6d86b7793
  • Opcode Fuzzy Hash: f6b6d075c73456cf7194f78dea7e32ee2c54bf9d2fb2a242bf8fd9b4dd9dbe74
  • Instruction Fuzzy Hash: 9861DA3291CB8182E711AF20F40026DB3A5FB85B64F914635EAAD477D1EF3CD691D7A0
APIs
  • InitOnceExecuteOnce.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D79C
  • SetLastError.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D7BB
  • CreateIoCompletionPort.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D7F2
  • GetLastError.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D800
  • InitializeCriticalSection.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D87C
  • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D889
  • ReleaseSRWLockExclusive.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D8AB
  • SetLastError.KERNEL32(?,?,00000000,00007FF7FC63ACB9), ref: 00007FF7FC63D8C2
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorLast$ExclusiveLockOnce$AcquireCompletionCreateCriticalExecuteInitInitializePortReleaseSection
  • String ID:
  • API String ID: 2158719249-0
  • Opcode ID: e3415b95750fe3664162634adf99fb1ab46893ab1e8ab07974787f82c2ee5b0c
  • Instruction ID: ea7df78cee93c0a7f072b8bd41c31edbf6e55298afa993fcccabd883f4e8a16b
  • Opcode Fuzzy Hash: e3415b95750fe3664162634adf99fb1ab46893ab1e8ab07974787f82c2ee5b0c
  • Instruction Fuzzy Hash: C8418232B2CB4182E746AB61F550669B3A2FF84740F845031DA1D43BD1EF3CE6A5D790
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: getpeernamegetsocknamegetsockoptioctlsocket
  • String ID: malloc failed!
  • API String ID: 3112313916-3711825366
  • Opcode ID: a3539cda323d7116f54afb6a884e6dce8c76db32cf2e5fb89df4ccc2e5db319a
  • Instruction ID: b5ca8cf54ba7ce768bb97aa25ce797d29faf7249c9c162022a47e4b21712d578
  • Opcode Fuzzy Hash: a3539cda323d7116f54afb6a884e6dce8c76db32cf2e5fb89df4ccc2e5db319a
  • Instruction Fuzzy Hash: 61A1803290CB81C6E756AF24E8403A9B3A2FB44B48F980139DB6C077D9DF39E555D7A0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalLeaveSection
  • String ID: gfff$gfff$gfff$gfff$gfff$gfff
  • API String ID: 3988221542-860800646
  • Opcode ID: 43cb3fe5db642061bcb5fec796dc8037ed4e5ec2cafe91cf3bae3e22c54d5555
  • Instruction ID: 32c5cbfa4a4155c05d00f6c99fcb7443392aca90a65c3c7fd116d06d7a0bf408
  • Opcode Fuzzy Hash: 43cb3fe5db642061bcb5fec796dc8037ed4e5ec2cafe91cf3bae3e22c54d5555
  • Instruction Fuzzy Hash: 7B712C11E1D2C047E357D729B026B696F95AB61384F85C036C55D8B3C3DA2DD60EE3A3
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalEnterSectionsend
  • String ID: %s: hloop_post_event failed!$hloop_post_event$malloc failed!$realloc failed!
  • API String ID: 513533636-1734934543
  • Opcode ID: eb43728a70e1fd8a0f189b062b1eaf41f0c694262d1b716307fe3ff88c9d7daa
  • Instruction ID: 8f6d3afe1a958f007c252c6112efcd8dc7e20dd1b65c13da98b1388097cbd59b
  • Opcode Fuzzy Hash: eb43728a70e1fd8a0f189b062b1eaf41f0c694262d1b716307fe3ff88c9d7daa
  • Instruction Fuzzy Hash: DA61827190CA8285F752AF64B8003A9B372FB44B84F884135DE6D0B7D5DF38E691D3A0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorFormatLastMessagegetpeernamegetsockname
  • String ID: %s: connfd=%d connect error: %s:%d$nio_connect
  • API String ID: 911359391-1312384689
  • Opcode ID: ab83756cb9bc80401c023cb6ddf8fb2d449badcf4fc73bbe44caf13a8c5722ff
  • Instruction ID: 675cbc9d3855582bba7dc5a4cd5e45b722d57647e9b0eb8c62497a1845d60695
  • Opcode Fuzzy Hash: ab83756cb9bc80401c023cb6ddf8fb2d449badcf4fc73bbe44caf13a8c5722ff
  • Instruction Fuzzy Hash: 65419F71A0D74286EB56EF25F4402A9B3A2FF84B88F444039DA5E477D8DF3CD64097A0
APIs
  • LoadLibraryExW.KERNEL32(?,?,?,00007FF7FC663242,?,?,?,00007FF7FC662F3C,?,?,?,?,00007FF7FC662B6D), ref: 00007FF7FC663015
  • GetLastError.KERNEL32(?,?,?,00007FF7FC663242,?,?,?,00007FF7FC662F3C,?,?,?,?,00007FF7FC662B6D), ref: 00007FF7FC663023
  • LoadLibraryExW.KERNEL32(?,?,?,00007FF7FC663242,?,?,?,00007FF7FC662F3C,?,?,?,?,00007FF7FC662B6D), ref: 00007FF7FC66304D
  • FreeLibrary.KERNEL32(?,?,?,00007FF7FC663242,?,?,?,00007FF7FC662F3C,?,?,?,?,00007FF7FC662B6D), ref: 00007FF7FC663093
  • GetProcAddress.KERNEL32(?,?,?,00007FF7FC663242,?,?,?,00007FF7FC662F3C,?,?,?,?,00007FF7FC662B6D), ref: 00007FF7FC66309F
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Library$Load$AddressErrorFreeLastProc
  • String ID: api-ms-
  • API String ID: 2559590344-2084034818
  • Opcode ID: 552cd85e79251fca5c69b66b8b4989ecd090f2f2ec902320b1792a9711b202b8
  • Instruction ID: 8e5e5788e734dfc7f884165e8e9c8e6da399a1c088dcf94aef77ae9e74289833
  • Opcode Fuzzy Hash: 552cd85e79251fca5c69b66b8b4989ecd090f2f2ec902320b1792a9711b202b8
  • Instruction Fuzzy Hash: 4131D62161EA42D1EF13AB02B400575B3A6BF84B64F990535DD7D0B3D4DF3CE24993A0
APIs
  • GetLastError.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F74B
  • FlsGetValue.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F760
  • FlsSetValue.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F781
  • FlsSetValue.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F7AE
  • FlsSetValue.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F7BF
  • FlsSetValue.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F7D0
  • SetLastError.KERNEL32(?,?,00000000,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F7EB
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Value$ErrorLast
  • String ID:
  • API String ID: 2506987500-0
  • Opcode ID: 1120ceefaa3baef0285c4f83a6f050260e1772464001dcb31d60ed8ffe80fdf6
  • Instruction ID: 56bc2aacfe67b9c994f1f4d5c32669e851cf0b37fc611748e9f463bdcf50b379
  • Opcode Fuzzy Hash: 1120ceefaa3baef0285c4f83a6f050260e1772464001dcb31d60ed8ffe80fdf6
  • Instruction Fuzzy Hash: 83217F21B1D24682F756B7B17542239E7635F447B0FD44B34D83E8AAC6DE2CB60152E2
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: htonsinet_ntop
  • String ID: %s:%d$[%s]:%d
  • API String ID: 2916497671-2542140192
  • Opcode ID: c7f5e68798be55bc08afaee206ff456b57ccd0332590937e2598096621e5df80
  • Instruction ID: 6d7be5240c0c3e74418122e9c70ab8b3f22bba32c0ca7e9ad115c8c6a8857c29
  • Opcode Fuzzy Hash: c7f5e68798be55bc08afaee206ff456b57ccd0332590937e2598096621e5df80
  • Instruction Fuzzy Hash: 9C21C22292CAC6C2E710AB11F5107B9B361FF98B44F905136EB9D06995DF3CE296CBD0
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
  • String ID: CONOUT$
  • API String ID: 3230265001-3130406586
  • Opcode ID: 76aa04044cb277344715c6469544efba744e94b031396714b321de1aaac8034e
  • Instruction ID: 030b29f1f58c62de9c684157dee42ee68e197a4cecfc873350a61ca7b53df6a1
  • Opcode Fuzzy Hash: 76aa04044cb277344715c6469544efba744e94b031396714b321de1aaac8034e
  • Instruction Fuzzy Hash: F611B131A2CB4186E351AB16F855729B3A1FF88BE4F800634DA6D83BD4CF3CDA448790
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorLast$Completion$CloseCreateFileHandleModesNotificationPort
  • String ID:
  • API String ID: 1045803232-0
  • Opcode ID: 6d2457f7008ae3788f79e53d4d0539869ce9aca38dd1c27a53d545a5eec73af4
  • Instruction ID: eadbbd6b91736d5c857b30f086802b361ff16aa85105bcce70eeeb14c666a6d6
  • Opcode Fuzzy Hash: 6d2457f7008ae3788f79e53d4d0539869ce9aca38dd1c27a53d545a5eec73af4
  • Instruction Fuzzy Hash: E3516C3261CB4186E711AF21F450269B3A2FB88B90F904135EBAD43BD5DF38E665D7A0
APIs
  • GetLastError.KERNEL32(?,?,?,00007FF7FC66B639,?,?,?,?,00007FF7FC66F3B3,?,?,00000000,00007FF7FC66F9D2,?,?,?), ref: 00007FF7FC66F8C3
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66B639,?,?,?,?,00007FF7FC66F3B3,?,?,00000000,00007FF7FC66F9D2,?,?,?), ref: 00007FF7FC66F8F9
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66B639,?,?,?,?,00007FF7FC66F3B3,?,?,00000000,00007FF7FC66F9D2,?,?,?), ref: 00007FF7FC66F926
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66B639,?,?,?,?,00007FF7FC66F3B3,?,?,00000000,00007FF7FC66F9D2,?,?,?), ref: 00007FF7FC66F937
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66B639,?,?,?,?,00007FF7FC66F3B3,?,?,00000000,00007FF7FC66F9D2,?,?,?), ref: 00007FF7FC66F948
  • SetLastError.KERNEL32(?,?,?,00007FF7FC66B639,?,?,?,?,00007FF7FC66F3B3,?,?,00000000,00007FF7FC66F9D2,?,?,?), ref: 00007FF7FC66F963
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Value$ErrorLast
  • String ID:
  • API String ID: 2506987500-0
  • Opcode ID: 201e0694ee037c668aa6d0b1451f93bb9859f117082875eefc887f0184e75f45
  • Instruction ID: b0ad8cc8ccdab0bf669c9c9775a51edbf80db87e00339117f655220ef5b0e268
  • Opcode Fuzzy Hash: 201e0694ee037c668aa6d0b1451f93bb9859f117082875eefc887f0184e75f45
  • Instruction Fuzzy Hash: BE118131B1D24682F756B361B542239F2635F847B0FD04734D97E8BBC6DE2CE64192A2
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
  • String ID: csm$csm
  • API String ID: 851805269-3733052814
  • Opcode ID: 4228f1b5ec6bcda5d304570d4ed6c870d06834b5b8dd3faeeef95dfff59336f5
  • Instruction ID: 1d82faae05b62fe4f635865f4de0600a0bb6378637f5ede868b446a04b238cbb
  • Opcode Fuzzy Hash: 4228f1b5ec6bcda5d304570d4ed6c870d06834b5b8dd3faeeef95dfff59336f5
  • Instruction Fuzzy Hash: CB61903290C682C6DB65EF11B040278B7B2EB95B88F844135DAAC8B7D5CF3CE650DB50
APIs
  • socket.WS2_32 ref: 00007FF7FC6374F8
    • Part of subcall function 00007FF7FC637170: InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF7FC63718C,?,?,?,00007FF7FC6366AB), ref: 00007FF7FC6371C4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CriticalInitializeSectionsocket
  • String ID: %s: connect timeout [%s] <=> [%s]$__connect_timeout_cb$malloc failed!$socket
  • API String ID: 1412140385-514941667
  • Opcode ID: 1e27e1713369beb910a9bc321cba82e4bc588fdcde7651b4c79d9b08d0f8fe4c
  • Instruction ID: d3a7e1577fd1e6c27523d30d95812e146adacdbe1622de9c45f84307400a080e
  • Opcode Fuzzy Hash: 1e27e1713369beb910a9bc321cba82e4bc588fdcde7651b4c79d9b08d0f8fe4c
  • Instruction Fuzzy Hash: A251E722E1C78182E711AB25F4013BAA3A2FF98754F904235EAAC477D6DF3CE6819750
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
  • Opcode ID: 5aed98f8ea90b193303f169f3b6de5939254577c47cf8f9858ac8dea416f82f9
  • Instruction ID: 7954cf09876d26f983d973ba7327896e66717c5373fc665e7c66e2d1f2bf0f63
  • Opcode Fuzzy Hash: 5aed98f8ea90b193303f169f3b6de5939254577c47cf8f9858ac8dea416f82f9
  • Instruction Fuzzy Hash: CCF0AF61A1D702C1FF25AB20F455779A332BF89760FC40636CA7D8A2E4CF2CD24587A0
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _set_statfp
  • String ID:
  • API String ID: 1156100317-0
  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
  • Instruction ID: b8883f8f592d2f139b689b10727676cc1771231cd0e2c2bfac888821b9b585c7
  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
  • Instruction Fuzzy Hash: 3B11A762E3CA1345F75E3924F44B37991436F54374FD81F34EA7E0A2D68E1C6A4241B1
APIs
  • FlsGetValue.KERNEL32(?,?,?,00007FF7FC66FAE3,?,?,00000000,00007FF7FC66FD7E), ref: 00007FF7FC66F99B
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66FAE3,?,?,00000000,00007FF7FC66FD7E), ref: 00007FF7FC66F9BA
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66FAE3,?,?,00000000,00007FF7FC66FD7E), ref: 00007FF7FC66F9E2
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66FAE3,?,?,00000000,00007FF7FC66FD7E), ref: 00007FF7FC66F9F3
  • FlsSetValue.KERNEL32(?,?,?,00007FF7FC66FAE3,?,?,00000000,00007FF7FC66FD7E), ref: 00007FF7FC66FA04
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Value
  • String ID:
  • API String ID: 3702945584-0
  • Opcode ID: d797b85b19e3919c2ebecf35acea1a48198c377601e2a335252889421c05711c
  • Instruction ID: 5b7485b5aa4b2c0faf52f469ae9374aaa172ce152cf3433f8dbee0facca04148
  • Opcode Fuzzy Hash: d797b85b19e3919c2ebecf35acea1a48198c377601e2a335252889421c05711c
  • Instruction Fuzzy Hash: 7511B421F1D246C1FB56B3657542239F2635F843B0FC45734D83D8AAD6DE2CF60192A2
APIs
  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F821
  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F840
  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F868
  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F879
  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7FC6766E1,?,?,?,?,00007FF7FC672F9E), ref: 00007FF7FC66F88A
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: Value
  • String ID:
  • API String ID: 3702945584-0
  • Opcode ID: 78bfbef2f3b0ba9d3b8006b2788b0bda801d163bf17d56fb24c51ff2f3ac126f
  • Instruction ID: 49e1e8939fcac103bfdf4348d303737c32b95b8a1a319c795d1bf55e989fa244
  • Opcode Fuzzy Hash: 78bfbef2f3b0ba9d3b8006b2788b0bda801d163bf17d56fb24c51ff2f3ac126f
  • Instruction Fuzzy Hash: 6C110020E1D10B82FB5AB2657452279B2A34F85370FD44B78D93D8E7D3DD2CB60152B2
APIs
  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC673FB5
    • Part of subcall function 00007FF7FC66F1C0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC66F1DD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: UTF-16LEUNICODE$UTF-8$ccs
  • API String ID: 3215553584-1196891531
  • Opcode ID: 226d5406512e53d40f6e13c16d009ec24dd9e1c8b466ea8e117ee58a84df1fec
  • Instruction ID: 684e3c82882a8c2b0b92824814426a29c317208aaf2461d3e6de13515b18e8e2
  • Opcode Fuzzy Hash: 226d5406512e53d40f6e13c16d009ec24dd9e1c8b466ea8e117ee58a84df1fec
  • Instruction Fuzzy Hash: C7811932D2C243C5F7776E28A256238EBE39F91744FD45832C62D462D5CF2DAA0683E1
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorLastOnce$ExecuteInit
  • String ID: epoll
  • API String ID: 1616473516-839395961
  • Opcode ID: 0a476880ba3b2e0d03251b106006fb6fdcdc9149ab496a491977dd24876d3f3b
  • Instruction ID: 7cc40bd71d3e0c8fb2d842148ed0d4b55e77c67f07d156f84af47d8f5dbf19d6
  • Opcode Fuzzy Hash: 0a476880ba3b2e0d03251b106006fb6fdcdc9149ab496a491977dd24876d3f3b
  • Instruction Fuzzy Hash: 0251C032A1CA4285E716AB15F450679B7A2FF84B94F840039DA3E07BD5CF3CE605A7A4
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: CallEncodePointerTranslator
  • String ID: MOC$RCC
  • API String ID: 3544855599-2084237596
  • Opcode ID: f06baa1fb7555f1e7010114fa83e2796fcc8a77d71db92ec9888fadc166b9f96
  • Instruction ID: 7215ff2ac19d9402ea65467f34af1765609500c9ecd8ccb2c1a340e6ce933fef
  • Opcode Fuzzy Hash: f06baa1fb7555f1e7010114fa83e2796fcc8a77d71db92ec9888fadc166b9f96
  • Instruction Fuzzy Hash: 04517732A0CA85CAE712DF65E0403ADB7B6FB44B88F540525EF591BB98CF38E245C790
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID: ErrorLast$CriticalEnterSectionconnectsend
  • String ID: connect
  • API String ID: 3249173717-1959786783
  • Opcode ID: 29d1e488ccccdd720045cf5477582c29f55353edb8d15d1da4bb52f7051c6103
  • Instruction ID: 4d3722933572e1ebf8133bad32350ada7d4e5668cbc5817e12de309cab21b08a
  • Opcode Fuzzy Hash: 29d1e488ccccdd720045cf5477582c29f55353edb8d15d1da4bb52f7051c6103
  • Instruction Fuzzy Hash: E4515F32A08B4186E751DF24F480269B7E1FB48B94F540135EB9C87799EF3DD691CB90
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2025082106.00007FF7FC631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FC630000, based on PE: true
  • Associated: 00000000.00000002.2025062748.00007FF7FC630000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025138187.00007FF7FC67F000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC693000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025164874.00007FF7FC696000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025207990.00007FF7FC698000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2025224708.00007FF7FC69E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7fc630000_wlogon.jbxd
Similarity
  • API ID:
  • String ID: %s: hloop_stop tid=%ld$hloop_stop
  • API String ID: 0-1371063294
  • Opcode ID: 7aca0defc75da1aed744bbbda1a078a02d99e95c3f168eea0f8633acdcd8f5b1
  • Instruction ID: 3ca4647a4dd9cf4a77512de9a21aec2d056ec37b61e3dbab055a0a0ff071bd76
  • Opcode Fuzzy Hash: 7aca0defc75da1aed744bbbda1a078a02d99e95c3f168eea0f8633acdcd8f5b1
  • Instruction Fuzzy Hash: 89117322E1C68183E742AB10F6013B9A361FF94750F905231E6BC02AD5DF7CE6E4CA50
APIs
Similarity
  • API ID: FileWrite$ConsoleErrorLastOutput
  • String ID:
  • API String ID: 2718003287-0
  • Opcode ID: 06a81b3d14087c555aa25a34b0908579260bc3cf64145294735286e07c07a2b6
  • Instruction ID: 57554f2c2347555d18597b6112c3a9725a791bdeaf82005c38a36e5a9d4ae4cc
  • Opcode Fuzzy Hash: 06a81b3d14087c555aa25a34b0908579260bc3cf64145294735286e07c07a2b6
  • Instruction Fuzzy Hash: 73D1F332B1CA81CAE712DF79E4401ACB772E744798B904232DE6D5BBD5DE38D506C790
APIs
  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,00000002,?,00000001,?,00007FF7FC668F49), ref: 00007FF7FC66EA3F
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000002,?,00000001,?,00007FF7FC668F49), ref: 00007FF7FC66EAC9
Similarity
  • API ID: ConsoleErrorLastMode
  • String ID:
  • API String ID: 953036326-0
  • Opcode ID: d6638b2dce63829184dd05857a8c7dbcab6710b29fd0ea9aa2005b5c0f484485
  • Instruction ID: 3fb34452cdcd434f7c63e98add912030acc658a4c4db7b490eb94345f1ba1bb0
  • Opcode Fuzzy Hash: d6638b2dce63829184dd05857a8c7dbcab6710b29fd0ea9aa2005b5c0f484485
  • Instruction Fuzzy Hash: 5991F372E1CA52C5FB52EB65A4402BDBBB2BB45788F844136EE1E1B6C4CF38D541D3A0
APIs
Similarity
  • API ID: CriticalSection$CurrentDeleteEnterLeaveThreadclosesocket
  • String ID:
  • API String ID: 819225210-0
  • Opcode ID: 486faecb4d90547b85a44aea86a07e159a1ad1b9c8c6b52faadbbdee60369bda
  • Instruction ID: b798536c45baced41a4a0381e00ac8dc7b7d8b79788d6aef1d118795d94208df
  • Opcode Fuzzy Hash: 486faecb4d90547b85a44aea86a07e159a1ad1b9c8c6b52faadbbdee60369bda
  • Instruction Fuzzy Hash: 9F912932A0AB8185EB52AF21E9502B8B3B5FB44F45F884135CF6D07795CF39E162D3A4
APIs
Similarity
  • API ID: _invalid_parameter_noinfo$_get_daylight
  • String ID:
  • API String ID: 72036449-0
  • Opcode ID: ac92d60419500a0e85d97394f42968c38e5fd0e3fa87329dc1092b22ef3be445
  • Instruction ID: de0b1daabcfb67233e2278e722c9013eb13fb54a3115a15278deecf756be5f4c
  • Opcode Fuzzy Hash: ac92d60419500a0e85d97394f42968c38e5fd0e3fa87329dc1092b22ef3be445
  • Instruction Fuzzy Hash: C0510532D2C60382F76B6928B10237DE6D3EF41714F984835D92D872D2CE3CEA4196E1
APIs
Strings
Similarity
  • API ID: CriticalLeaveSection
  • String ID: gfff$gfff$gfff
  • API String ID: 3988221542-4275324669
  • Opcode ID: 8a61911fb0f139e0e1abcb95f206e90bda327dc11b7f9ca7a49d7c368d7bcd91
  • Instruction ID: 7e9ed7dfcd177d462cda7c33667639c395b64bd3a85f5475e03c49b2f939583d
  • Opcode Fuzzy Hash: 8a61911fb0f139e0e1abcb95f206e90bda327dc11b7f9ca7a49d7c368d7bcd91
  • Instruction Fuzzy Hash: FF514E56A1C1D087F767DB2DF4113A9BB91AB51380F848035C95D8B7C2CE2DE60AE7A2
APIs
Strings
Similarity
  • API ID: CriticalLeaveSection
  • String ID: gfff$gfff$gfff
  • API String ID: 3988221542-4275324669
  • Opcode ID: 487457c38508a7a68f658555398bc5b429b8a977de7ffd08580d8e1d722cba79
  • Instruction ID: ceb49c6a6e427577d82169876b16505612f8cb8579a0b888cccd45b551aa1032
  • Opcode Fuzzy Hash: 487457c38508a7a68f658555398bc5b429b8a977de7ffd08580d8e1d722cba79
  • Instruction Fuzzy Hash: 2041A055B1C2D486E762DB2DB4117A9A751EF40380F858036C99C8B7C3DE2ED609E7A1
APIs
  • InitOnceExecuteOnce.KERNEL32(00000000,?,?,00007FF7FC6373A3,?,?,?,?,00000000,00007FF7FC638AE6), ref: 00007FF7FC63D948
  • SetLastError.KERNEL32(00000000,?,?,00007FF7FC6373A3,?,?,?,?,00000000,00007FF7FC638AE6), ref: 00007FF7FC63D984
  • EnterCriticalSection.KERNEL32(00000000,?,?,00007FF7FC6373A3,?,?,?,?,00000000,00007FF7FC638AE6), ref: 00007FF7FC63D9A8
  • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7FC638AE6), ref: 00007FF7FC63D9C6
Similarity
  • API ID: CriticalOnceSection$EnterErrorExecuteInitLastLeave
  • String ID:
  • API String ID: 4188264869-0
  • Opcode ID: 0ddcfa38c25fc5b9240f42864cd17b1b6752c8e4d9dcb49f1a46f9b3bcf1d259
  • Instruction ID: 2185a1f1d6410a02dd2c050b27ac896f68f2f796d148d9f12711eccbaebd3483
  • Opcode Fuzzy Hash: 0ddcfa38c25fc5b9240f42864cd17b1b6752c8e4d9dcb49f1a46f9b3bcf1d259
  • Instruction Fuzzy Hash: 18310621A1CA4282E716BB65F850679A3A2FF44BA4FC00131EE2D43BD5DF3CD6469790
APIs
    • Part of subcall function 00007FF7FC669078: GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7FC66908C
  • InitializeCriticalSection.KERNEL32 ref: 00007FF7FC63A95F
Strings
Similarity
  • API ID: Time$CriticalFileInitializeSectionSystem
  • String ID: %y-%m-%d %H:%M:%S.%z %L %s$.log$libhv
  • API String ID: 3636037965-306652526
  • Opcode ID: 20fbf7ec5c5bf885d6d0046cf95bf72dc0b61bb524e620cbdedd8b98ff8a0758
  • Instruction ID: 518cf093c6f41cc705ff60eed9403e3db0229ba205200aeeb1ad95b121100fb9
  • Opcode Fuzzy Hash: 20fbf7ec5c5bf885d6d0046cf95bf72dc0b61bb524e620cbdedd8b98ff8a0758
  • Instruction Fuzzy Hash: 6C316C3261CB8192E746AB20F5803A9B7A2FB48740F804135DBAD07BD1DF3CE664D790
APIs
    • Part of subcall function 00007FF7FC67451C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FC67454F
  • _get_daylight.LIBCMT ref: 00007FF7FC672C3C
  • _get_daylight.LIBCMT ref: 00007FF7FC672C4D
Strings
Similarity
  • API ID: _get_daylight$_invalid_parameter_noinfo
  • String ID: ?
  • API String ID: 1286766494-1684325040
  • Opcode ID: c2870e2ba6d2d0e3c3eaa483e98efade5e581758184014a42fbde267f27e22d8
  • Instruction ID: 1fba152cb0252a55d834828333c4353361d916a42de84d97cc31e368ca45014f
  • Opcode Fuzzy Hash: c2870e2ba6d2d0e3c3eaa483e98efade5e581758184014a42fbde267f27e22d8
  • Instruction Fuzzy Hash: B5412D12A2C242C1FB62AB25B442379E762EF90BA8F904635EE6C47AD5DF3CD5418790
APIs
Strings
Similarity
  • API ID: ErrorFileLastWrite
  • String ID: U
  • API String ID: 442123175-4171548499
  • Opcode ID: 68ca005b9e93d516cd0b079fb029acc1fdf02b006f81bab340386bcb59339a85
  • Instruction ID: daecbfa36ecfa5a652dea09d07b5a0778912523453b5d5e02aca26701ddf2e4b
  • Opcode Fuzzy Hash: 68ca005b9e93d516cd0b079fb029acc1fdf02b006f81bab340386bcb59339a85
  • Instruction Fuzzy Hash: E941B132A2CA4185DB21AF25F4443AAB7A2FB98784F844031EE5D87788EF3CD601D790
APIs
Strings
Similarity
  • API ID: ExceptionFileHeaderRaise
  • String ID: csm
  • API String ID: 2573137834-1018135373
  • Opcode ID: cff1c8b65b0e3b494fb35f1acb449894b86391aae52999ddacbf0dbd12582144
  • Instruction ID: 4d6ef8c61ac3c96936ef5a440c14f1ae3282649ddf5cbd8cc2c9ce1cb18c8c92
  • Opcode Fuzzy Hash: cff1c8b65b0e3b494fb35f1acb449894b86391aae52999ddacbf0dbd12582144
  • Instruction Fuzzy Hash: D9112B32A1CB41C2EB129F15F440269B7A5FB88B84F584230DE9D077A8DF3DD6518780
APIs
  • __C_specific_handler.LIBVCRUNTIME ref: 00007FF7FC67DA08
    • Part of subcall function 00007FF7FC662958: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF7FC662983
    • Part of subcall function 00007FF7FC662958: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF7FC662A18
    • Part of subcall function 00007FF7FC662958: RtlUnwindEx.KERNEL32 ref: 00007FF7FC662A67
Strings
Similarity
  • API ID: C_specific_handlerCurrentImageNonwritableUnwind__except_validate_context_record
  • String ID: csm$f
  • API String ID: 3112662972-629598281
  • Opcode ID: 4e3a60641c7b8b8ecb570175ae6f0cd645c3cd6fb8032caa5a0a024058b89d50
  • Instruction ID: 809abfd69a7c42ece9c178a1e7fc2c209976447cfa79752874cb4a2d78ca8c48
  • Opcode Fuzzy Hash: 4e3a60641c7b8b8ecb570175ae6f0cd645c3cd6fb8032caa5a0a024058b89d50
  • Instruction Fuzzy Hash: F3E0EC21D1C74681DB2A7722F04113CB7F1AF45B48F548930D7680B3C6CE3CE9918755
APIs
  • SetLastError.KERNEL32 ref: 00007FF7FC63F271
  • GetLastError.KERNEL32 ref: 00007FF7FC63F2A7
  • GetLastError.KERNEL32 ref: 00007FF7FC63F2B9
    • Part of subcall function 00007FF7FC63ECD0: SetLastError.KERNEL32(?,?,?,?,?,?,-00000030,00007FF7FC63F171), ref: 00007FF7FC63ED1D
Similarity
  • API ID: ErrorLast
  • String ID:
  • API String ID: 1452528299-0
  • Opcode ID: b90aec78d6fee9a87596953d7d877dad3a2170d380d66d852b30779fbc351414
  • Instruction ID: b5fe38660a46a01c663dafcb24b51c41a63439148c07deb32e18aba183421266
  • Opcode Fuzzy Hash: b90aec78d6fee9a87596953d7d877dad3a2170d380d66d852b30779fbc351414
  • Instruction Fuzzy Hash: A851C272B0C74182EB499B29E54022DB3A2FB84B94F844135DB6DC7BD5DF3CE9A18780