Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Invoice & Packing list For Sea Shipment.exe

Overview

General Information

Sample name:Invoice & Packing list For Sea Shipment.exe
Analysis ID:1540277
MD5:c1bca0dbb6e614a1f38efdba926db82d
SHA1:94addf2011056281afcd7425657d76e760d77bad
SHA256:1ae734d22270bb261f984838e51a77bc5f32be08ac895157ac2691d042fa6dc3
Tags:exeFormbookuser-lowmal3
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Invoice & Packing list For Sea Shipment.exe (PID: 5392 cmdline: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe" MD5: C1BCA0DBB6E614A1F38EFDBA926DB82D)
    • svchost.exe (PID: 6264 cmdline: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • autoconv.exe (PID: 5824 cmdline: "C:\Windows\SysWOW64\autoconv.exe" MD5: A705C2ACED7DDB71AFB87C4ED384BED6)
        • NETSTAT.EXE (PID: 5940 cmdline: "C:\Windows\SysWOW64\NETSTAT.EXE" MD5: 9DB170ED520A6DD57B5AC92EC537368A)
          • cmd.exe (PID: 6124 cmdline: /c del "C:\Windows\SysWOW64\svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 6260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.9net88.net/ge07/"], "decoy": ["amyard.shop", "eloshost.xyz", "g18q11a.top", "orensic-vendor-735524320.click", "ithin-ksvodn.xyz", "xhyx.top", "elonix-traceglow.pro", "cillascrewedsedroth.cfd", "wner-nyquh.xyz", "reyhazeusa.shop", "esmellretaperetotal.cfd", "hqm-during.xyz", "pipagtxcorrelo.xyz", "lray-civil.xyz", "apybarameme.xyz", "rbuds.shop", "hild-fcudh.xyz", "rkgexg.top", "estwestcottwines.shop", "giyztm.xyz", "epehr.pics", "lways-vhyrp.xyz", "acifictechnologycctv.net", "iscinddocenaemlynne.cfd", "ridesmaidgiftsboutiqueki.shop", "ubtleclothingco.fashion", "hemicans.xyz", "ebaoge318.top", "zoc-marriage.xyz", "ngeribe2.homes", "oal-ahzgwo.xyz", "eries-htii.xyz", "ool-covers76.xyz", "ecurityemployment.today", "croom.net", "f7y2i9fgm.xyz", "earch-lawyer-consultation.today", "066iwx2t.shop", "ound-omagf.xyz", "ivglass.xyz", "fdyh-investment.xyz", "yegle.net", "eader-aaexvn.xyz", "dvle-father.xyz", "onsfskfsmpfssfpewqdsawqe.xyz", "ffect-xedzl.xyz", "ood-packaging-jobs-brasil.today", "lasterdeals.shop", "ehkd.top", "pm-22-ns-2.click", "ocockbowerlybrawer.cfd", "ostcanadantpl.top", "vrkof-point.xyz", "lsader.app", "nce-ystyx.xyz", "azl.pro", "ea-yogkkb.xyz", "isit-txax.xyz", "rowadservepros.net", "6282.xyz", "roduct-xgky.xyz", "wner-nyquh.xyz", "sfmoreservicesllc.lat", "rasko.net"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cb80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b8e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c8ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18809:$sqlite3step: 68 34 1C 7B E1
      • 0x1891c:$sqlite3step: 68 34 1C 7B E1
      • 0x18838:$sqlite3text: 68 38 2A 90 C5
      • 0x1895d:$sqlite3text: 68 38 2A 90 C5
      • 0x1884b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18973:$sqlite3blob: 68 53 D8 7F 8C
      Click to see the 35 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1cb80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b8e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c8ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x18809:$sqlite3step: 68 34 1C 7B E1
          • 0x1891c:$sqlite3step: 68 34 1C 7B E1
          • 0x18838:$sqlite3text: 68 38 2A 90 C5
          • 0x1895d:$sqlite3text: 68 38 2A 90 C5
          • 0x1884b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x18973:$sqlite3blob: 68 53 D8 7F 8C
          Click to see the 15 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Uncommon Svchost Parent Process
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", CommandLine: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", CommandLine|base64offset|contains: =$x, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", ParentImage: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe, ParentProcessId: 5392, ParentProcessName: Invoice & Packing list For Sea Shipment.exe, ProcessCommandLine: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", ProcessId: 6264, ProcessName: svchost.exe
          Sigma detected: Windows Processes Suspicious Parent Directory
          Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", CommandLine: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", CommandLine|base64offset|contains: =$x, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", ParentImage: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe, ParentProcessId: 5392, ParentProcessName: Invoice & Packing list For Sea Shipment.exe, ProcessCommandLine: "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe", ProcessId: 6264, ProcessName: svchost.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-23T16:36:16.758074+020020314531Malware Command and Control Activity Detected192.168.2.650004199.59.243.22780TCP
          2024-10-23T16:38:19.553919+020020314531Malware Command and Control Activity Detected192.168.2.65000989.184.73.14980TCP
          2024-10-23T16:39:00.926521+020020314531Malware Command and Control Activity Detected192.168.2.650010156.235.1.3080TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.9net88.net/ge07/"], "decoy": ["amyard.shop", "eloshost.xyz", "g18q11a.top", "orensic-vendor-735524320.click", "ithin-ksvodn.xyz", "xhyx.top", "elonix-traceglow.pro", "cillascrewedsedroth.cfd", "wner-nyquh.xyz", "reyhazeusa.shop", "esmellretaperetotal.cfd", "hqm-during.xyz", "pipagtxcorrelo.xyz", "lray-civil.xyz", "apybarameme.xyz", "rbuds.shop", "hild-fcudh.xyz", "rkgexg.top", "estwestcottwines.shop", "giyztm.xyz", "epehr.pics", "lways-vhyrp.xyz", "acifictechnologycctv.net", "iscinddocenaemlynne.cfd", "ridesmaidgiftsboutiqueki.shop", "ubtleclothingco.fashion", "hemicans.xyz", "ebaoge318.top", "zoc-marriage.xyz", "ngeribe2.homes", "oal-ahzgwo.xyz", "eries-htii.xyz", "ool-covers76.xyz", "ecurityemployment.today", "croom.net", "f7y2i9fgm.xyz", "earch-lawyer-consultation.today", "066iwx2t.shop", "ound-omagf.xyz", "ivglass.xyz", "fdyh-investment.xyz", "yegle.net", "eader-aaexvn.xyz", "dvle-father.xyz", "onsfskfsmpfssfpewqdsawqe.xyz", "ffect-xedzl.xyz", "ood-packaging-jobs-brasil.today", "lasterdeals.shop", "ehkd.top", "pm-22-ns-2.click", "ocockbowerlybrawer.cfd", "ostcanadantpl.top", "vrkof-point.xyz", "lsader.app", "nce-ystyx.xyz", "azl.pro", "ea-yogkkb.xyz", "isit-txax.xyz", "rowadservepros.net", "6282.xyz", "roduct-xgky.xyz", "wner-nyquh.xyz", "sfmoreservicesllc.lat", "rasko.net"]}
          Multi AV Scanner detection for submitted file
          Source: Invoice & Packing list For Sea Shipment.exeReversingLabs: Detection: 26%
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: Invoice & Packing list For Sea Shipment.exeJoe Sandbox ML: detected
          Source: Invoice & Packing list For Sea Shipment.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: Binary string: netstat.pdbGCTL source: svchost.exe, 00000004.00000003.2196068996.0000000002A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196787652.0000000003070000.00000040.10000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558019691.0000000000110000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: netstat.pdb source: svchost.exe, 00000004.00000003.2196068996.0000000002A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196787652.0000000003070000.00000040.10000000.00040000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000007.00000002.4558019691.0000000000110000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2125549142.0000000004360000.00000004.00001000.00020000.00000000.sdmp, Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2129401938.00000000041C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2132084690.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2129633838.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.000000000329E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.0000000003100000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558999890.000000000303E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558999890.0000000002EA0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2196556047.0000000002B39000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2198211362.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2125549142.0000000004360000.00000004.00001000.00020000.00000000.sdmp, Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2129401938.00000000041C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000004.00000003.2132084690.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2129633838.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.000000000329E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.0000000003100000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000007.00000002.4558999890.000000000303E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558999890.0000000002EA0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2196556047.0000000002B39000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2198211362.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: explorer.exe, 00000005.00000002.4572251771.0000000010CCF000.00000004.80000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558514292.00000000028F1000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4559591877.00000000033EF000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000005.00000002.4572251771.0000000010CCF000.00000004.80000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558514292.00000000028F1000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4559591877.00000000033EF000.00000004.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,2_2_00452126
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,2_2_0045C999
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,2_2_00436ADE
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00434BEE
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0045DD7C FindFirstFileW,FindClose,2_2_0045DD7C
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,2_2_0044BD29
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,2_2_00436D2D
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00442E1F
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_00475FE5
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,2_2_0044BF8D

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50009 -> 89.184.73.149:80
          Source: Network trafficSuricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50009 -> 89.184.73.149:80
          Source: Network trafficSuricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50010 -> 156.235.1.30:80
          Source: Network trafficSuricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50009 -> 89.184.73.149:80
          Source: Network trafficSuricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50010 -> 156.235.1.30:80
          Source: Network trafficSuricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50010 -> 156.235.1.30:80
          Source: Network trafficSuricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50004 -> 199.59.243.227:80
          Source: Network trafficSuricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50004 -> 199.59.243.227:80
          Source: Network trafficSuricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50004 -> 199.59.243.227:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.9net88.net/ge07/
          Performs DNS queries to domains with low reputation
          Source: DNS query: www.roduct-xgky.xyz
          Source: DNS query: www.ound-omagf.xyz
          Source: DNS query: www.onsfskfsmpfssfpewqdsawqe.xyz
          Source: DNS query: www.oal-ahzgwo.xyz
          Source: DNS query: www.6282.xyz
          Source: DNS query: www.hemicans.xyz
          Uses netstat to query active network connections and open ports
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE "C:\Windows\SysWOW64\NETSTAT.EXE"
          Source: global trafficHTTP traffic detected: GET /ge07/?XRA4Dv_0=rInKjcO63u4K1THTAINFv2coOl+G9i0Xo3vzod/XDYjf3VmyXg5Nkxs22ujGcbkomNpSpJke0g==&DVld2=Ybu8dZf0 HTTP/1.1Host: www.9net88.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 199.59.243.227 199.59.243.227
          Source: Joe Sandbox ViewASN Name: BODIS-NJUS BODIS-NJUS
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044289D InternetQueryDataAvailable,InternetReadFile,2_2_0044289D
          Source: global trafficHTTP traffic detected: GET /ge07/?XRA4Dv_0=rInKjcO63u4K1THTAINFv2coOl+G9i0Xo3vzod/XDYjf3VmyXg5Nkxs22ujGcbkomNpSpJke0g==&DVld2=Ybu8dZf0 HTTP/1.1Host: www.9net88.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficDNS traffic detected: DNS query: www.ridesmaidgiftsboutiqueki.shop
          Source: global trafficDNS traffic detected: DNS query: www.roduct-xgky.xyz
          Source: global trafficDNS traffic detected: DNS query: www.9net88.net
          Source: global trafficDNS traffic detected: DNS query: www.ound-omagf.xyz
          Source: global trafficDNS traffic detected: DNS query: www.sfmoreservicesllc.lat
          Source: global trafficDNS traffic detected: DNS query: www.ecurityemployment.today
          Source: global trafficDNS traffic detected: DNS query: www.onsfskfsmpfssfpewqdsawqe.xyz
          Source: global trafficDNS traffic detected: DNS query: www.oal-ahzgwo.xyz
          Source: global trafficDNS traffic detected: DNS query: www.rasko.net
          Source: global trafficDNS traffic detected: DNS query: www.ehkd.top
          Source: global trafficDNS traffic detected: DNS query: www.6282.xyz
          Source: global trafficDNS traffic detected: DNS query: www.hemicans.xyz
          Source: explorer.exe, 00000005.00000002.4563193761.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: explorer.exe, 00000005.00000002.4563193761.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: explorer.exe, 00000005.00000002.4563193761.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: explorer.exe, 00000005.00000002.4563193761.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: explorer.exe, 00000005.00000000.2142359061.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.2142341594.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.2138425135.00000000028A0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.6282.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.6282.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.6282.xyz/ge07/www.hemicans.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.6282.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.9net88.net
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.9net88.net/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.9net88.net/ge07/www.ound-omagf.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.9net88.netReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecurityemployment.today
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecurityemployment.today/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecurityemployment.today/ge07/www.onsfskfsmpfssfpewqdsawqe.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecurityemployment.todayReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ehkd.top
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ehkd.top/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ehkd.top/ge07/www.6282.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ehkd.topReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.f7y2i9fgm.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.f7y2i9fgm.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.f7y2i9fgm.xyz/ge07/www.giyztm.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.f7y2i9fgm.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.giyztm.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.giyztm.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.giyztm.xyz/ge07/www.ocockbowerlybrawer.cfd
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.giyztm.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hemicans.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hemicans.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hemicans.xyz/ge07/www.f7y2i9fgm.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hemicans.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hqm-during.xyz
          Source: explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hqm-during.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hqm-during.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oal-ahzgwo.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oal-ahzgwo.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oal-ahzgwo.xyz/ge07/www.rasko.net
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oal-ahzgwo.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ocockbowerlybrawer.cfd
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ocockbowerlybrawer.cfd/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ocockbowerlybrawer.cfd/ge07/www.hqm-during.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ocockbowerlybrawer.cfdReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.onsfskfsmpfssfpewqdsawqe.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.onsfskfsmpfssfpewqdsawqe.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.onsfskfsmpfssfpewqdsawqe.xyz/ge07/www.oal-ahzgwo.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.onsfskfsmpfssfpewqdsawqe.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ound-omagf.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ound-omagf.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ound-omagf.xyz/ge07/www.sfmoreservicesllc.lat
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ound-omagf.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rasko.net
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rasko.net/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rasko.net/ge07/www.ehkd.top
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rasko.netReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ridesmaidgiftsboutiqueki.shop
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ridesmaidgiftsboutiqueki.shop/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ridesmaidgiftsboutiqueki.shop/ge07/www.roduct-xgky.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ridesmaidgiftsboutiqueki.shopReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.roduct-xgky.xyz
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.roduct-xgky.xyz/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.roduct-xgky.xyz/ge07/www.9net88.net
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.roduct-xgky.xyzReferer:
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sfmoreservicesllc.lat
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sfmoreservicesllc.lat/ge07/
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sfmoreservicesllc.lat/ge07/www.ecurityemployment.today
          Source: explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sfmoreservicesllc.latReferer:
          Source: explorer.exe, 00000005.00000003.2979291022.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2144111373.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563935093.00000000099AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
          Source: explorer.exe, 00000005.00000000.2148059498.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/I
          Source: explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
          Source: explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
          Source: explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
          Source: explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
          Source: explorer.exe, 00000005.00000000.2148059498.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000C08C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981137973.000000000C08C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com-
          Source: explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img
          Source: explorer.exe, 00000005.00000000.2148059498.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000C08C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981137973.000000000C08C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.come
          Source: explorer.exe, 00000005.00000000.2148059498.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEMd
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000005.00000003.2979291022.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2144111373.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563935093.00000000099AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/e
          Source: explorer.exe, 00000005.00000000.2148059498.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000C08C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981137973.000000000C08C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comM
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
          Source: explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,2_2_0046C5D0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00459FFF
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,2_2_0046C5D0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00456354 GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW,2_2_00456354
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_0047C08E

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.4571837809.000000001027D000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
          Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: Invoice & Packing list For Sea Shipment.exe PID: 5392, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: svchost.exe PID: 6264, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
          Source: Process Memory Space: NETSTAT.EXE PID: 5940, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: Invoice & Packing list For Sea Shipment.exe
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041A320 NtCreateFile,4_2_0041A320
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041A3D0 NtReadFile,4_2_0041A3D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041A450 NtClose,4_2_0041A450
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041A500 NtAllocateVirtualMemory,4_2_0041A500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041A31D NtCreateFile,4_2_0041A31D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041A44A NtClose,4_2_0041A44A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172B60 NtClose,LdrInitializeThunk,4_2_03172B60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_03172BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172AD0 NtReadFile,LdrInitializeThunk,4_2_03172AD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172F30 NtCreateSection,LdrInitializeThunk,4_2_03172F30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172F90 NtProtectVirtualMemory,LdrInitializeThunk,4_2_03172F90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172FB0 NtResumeThread,LdrInitializeThunk,4_2_03172FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172FE0 NtCreateFile,LdrInitializeThunk,4_2_03172FE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_03172E80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_03172EA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172D10 NtMapViewOfSection,LdrInitializeThunk,4_2_03172D10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_03172D30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172DD0 NtDelayExecution,LdrInitializeThunk,4_2_03172DD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_03172DF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_03172C70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_03172CA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03174340 NtSetContextThread,4_2_03174340
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03174650 NtSuspendThread,4_2_03174650
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172B80 NtQueryInformationFile,4_2_03172B80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172BA0 NtEnumerateValueKey,4_2_03172BA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172BE0 NtQueryValueKey,4_2_03172BE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172AB0 NtWaitForSingleObject,4_2_03172AB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172AF0 NtWriteFile,4_2_03172AF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172F60 NtCreateProcessEx,4_2_03172F60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172FA0 NtQuerySection,4_2_03172FA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172E30 NtWriteVirtualMemory,4_2_03172E30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172EE0 NtQueueApcThread,4_2_03172EE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172D00 NtSetInformationFile,4_2_03172D00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172DB0 NtEnumerateKey,4_2_03172DB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172C00 NtQueryInformationProcess,4_2_03172C00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172C60 NtCreateKey,4_2_03172C60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172CC0 NtQueryVirtualMemory,4_2_03172CC0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172CF0 NtOpenProcess,4_2_03172CF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03173010 NtOpenDirectoryObject,4_2_03173010
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03173090 NtSetValueKey,4_2_03173090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031735C0 NtCreateMutant,4_2_031735C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031739B0 NtGetContextThread,4_2_031739B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03173D10 NtOpenProcessToken,4_2_03173D10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03173D70 NtOpenThread,4_2_03173D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AA036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,NtClose,4_2_030AA036
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AA042 NtQueryInformationProcess,4_2_030AA042
          Source: C:\Windows\explorer.exeCode function: 5_2_10265232 NtCreateFile,5_2_10265232
          Source: C:\Windows\explorer.exeCode function: 5_2_10266E12 NtProtectVirtualMemory,5_2_10266E12
          Source: C:\Windows\explorer.exeCode function: 5_2_10266E0A NtProtectVirtualMemory,5_2_10266E0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12AD0 NtReadFile,LdrInitializeThunk,7_2_02F12AD0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_02F12BF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12BE0 NtQueryValueKey,LdrInitializeThunk,7_2_02F12BE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12B60 NtClose,LdrInitializeThunk,7_2_02F12B60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_02F12EA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12FE0 NtCreateFile,LdrInitializeThunk,7_2_02F12FE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12F30 NtCreateSection,LdrInitializeThunk,7_2_02F12F30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_02F12CA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_02F12C70
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12C60 NtCreateKey,LdrInitializeThunk,7_2_02F12C60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_02F12DF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12DD0 NtDelayExecution,LdrInitializeThunk,7_2_02F12DD0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12D10 NtMapViewOfSection,LdrInitializeThunk,7_2_02F12D10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F135C0 NtCreateMutant,LdrInitializeThunk,7_2_02F135C0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F14340 NtSetContextThread,7_2_02F14340
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F14650 NtSuspendThread,7_2_02F14650
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12AF0 NtWriteFile,7_2_02F12AF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12AB0 NtWaitForSingleObject,7_2_02F12AB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12BA0 NtEnumerateValueKey,7_2_02F12BA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12B80 NtQueryInformationFile,7_2_02F12B80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12EE0 NtQueueApcThread,7_2_02F12EE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12E80 NtReadVirtualMemory,7_2_02F12E80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12E30 NtWriteVirtualMemory,7_2_02F12E30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12FB0 NtResumeThread,7_2_02F12FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12FA0 NtQuerySection,7_2_02F12FA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12F90 NtProtectVirtualMemory,7_2_02F12F90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12F60 NtCreateProcessEx,7_2_02F12F60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12CF0 NtOpenProcess,7_2_02F12CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12CC0 NtQueryVirtualMemory,7_2_02F12CC0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12C00 NtQueryInformationProcess,7_2_02F12C00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12DB0 NtEnumerateKey,7_2_02F12DB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12D30 NtUnmapViewOfSection,7_2_02F12D30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F12D00 NtSetInformationFile,7_2_02F12D00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F13090 NtSetValueKey,7_2_02F13090
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F13010 NtOpenDirectoryObject,7_2_02F13010
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F139B0 NtGetContextThread,7_2_02F139B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F13D70 NtOpenThread,7_2_02F13D70
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F13D10 NtOpenProcessToken,7_2_02F13D10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236A320 NtCreateFile,7_2_0236A320
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236A3D0 NtReadFile,7_2_0236A3D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236A450 NtClose,7_2_0236A450
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236A500 NtAllocateVirtualMemory,7_2_0236A500
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236A31D NtCreateFile,7_2_0236A31D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236A44A NtClose,7_2_0236A44A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B39BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose,7_2_02B39BAF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B3A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,7_2_02B3A036
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B39BB2 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_02B39BB2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B3A042 NtQueryInformationProcess,7_2_02B3A042
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00434D50: GetFullPathNameW,__swprintf,_wcslen,_wcslen,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcslen,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,2_2_00434D50
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004461ED _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,2_2_004461ED
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,2_2_004364AA
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004120382_2_00412038
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004271612_2_00427161
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0047E1FA2_2_0047E1FA
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004212BE2_2_004212BE
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004433902_2_00443390
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004433912_2_00443391
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0041A46B2_2_0041A46B
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0041240C2_2_0041240C
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004465662_2_00446566
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004045E02_2_004045E0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0041D7502_2_0041D750
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004037E02_2_004037E0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004278592_2_00427859
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004128182_2_00412818
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040F8902_2_0040F890
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0042397B2_2_0042397B
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00409A402_2_00409A40
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00411B632_2_00411B63
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0047CBF02_2_0047CBF0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044EBBC2_2_0044EBBC
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00412C382_2_00412C38
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00490D702_2_00490D70
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044ED9A2_2_0044ED9A
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00423EBF2_2_00423EBF
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00424F702_2_00424F70
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0041AF0D2_2_0041AF0D
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_040327702_2_04032770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_004010304_2_00401030
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041D89D4_2_0041D89D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041C3F24_2_0041C3F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00402D904_2_00402D90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00409E4C4_2_00409E4C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00409E504_2_00409E50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041E79D4_2_0041E79D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00402FB04_2_00402FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FA3524_2_031FA352
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_032003E64_2_032003E6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E3F04_2_0314E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E02744_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C02C04_2_031C02C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DA1184_2_031DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031301004_2_03130100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C81584_2_031C8158
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_032001AA4_2_032001AA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F41A24_2_031F41A2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F81CC4_2_031F81CC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D20004_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031647504_2_03164750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031407704_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313C7C04_2_0313C7C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315C6E04_2_0315C6E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031405354_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_032005914_2_03200591
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E44204_2_031E4420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F24464_2_031F2446
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EE4F64_2_031EE4F6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FAB404_2_031FAB40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F6BD74_2_031F6BD7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA804_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031569624_2_03156962
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0320A9A64_2_0320A9A6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A04_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314A8404_2_0314A840
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031428404_2_03142840
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031268B84_2_031268B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E8F04_2_0316E8F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03160F304_2_03160F30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E2F304_2_031E2F30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03182F284_2_03182F28
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B4F404_2_031B4F40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BEFA04_2_031BEFA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03132FC84_2_03132FC8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314CFE04_2_0314CFE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FEE264_2_031FEE26
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140E594_2_03140E59
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152E904_2_03152E90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FCE934_2_031FCE93
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FEEDB4_2_031FEEDB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DCD1F4_2_031DCD1F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314AD004_2_0314AD00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03158DBF4_2_03158DBF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313ADE04_2_0313ADE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140C004_2_03140C00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0CB54_2_031E0CB5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130CF24_2_03130CF2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F132D4_2_031F132D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312D34C4_2_0312D34C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0318739A4_2_0318739A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031452A04_2_031452A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315B2C04_2_0315B2C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E12ED4_2_031E12ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0320B16B4_2_0320B16B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312F1724_2_0312F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0317516C4_2_0317516C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314B1B04_2_0314B1B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EF0CC4_2_031EF0CC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031470C04_2_031470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F70E94_2_031F70E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FF0E04_2_031FF0E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FF7B04_2_031FF7B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031856304_2_03185630
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F16CC4_2_031F16CC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F75714_2_031F7571
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DD5B04_2_031DD5B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_032095C34_2_032095C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FF43F4_2_031FF43F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031314604_2_03131460
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FFB764_2_031FFB76
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315FB804_2_0315FB80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B5BF04_2_031B5BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0317DBF94_2_0317DBF9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FFA494_2_031FFA49
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F7A464_2_031F7A46
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B3A6C4_2_031B3A6C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DDAAC4_2_031DDAAC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03185AA04_2_03185AA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E1AA34_2_031E1AA3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EDAC64_2_031EDAC6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D59104_2_031D5910
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031499504_2_03149950
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315B9504_2_0315B950
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AD8004_2_031AD800
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031438E04_2_031438E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FFF094_2_031FFF09
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03141F924_2_03141F92
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FFFB14_2_031FFFB1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03149EB04_2_03149EB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F1D5A4_2_031F1D5A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03143D404_2_03143D40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F7D734_2_031F7D73
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315FDC04_2_0315FDC0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B9C324_2_031B9C32
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FFCF24_2_031FFCF2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AA0364_2_030AA036
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AB2324_2_030AB232
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030A10824_2_030A1082
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AE5CD4_2_030AE5CD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030A5B324_2_030A5B32
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030A5B304_2_030A5B30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030A89124_2_030A8912
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030A2D024_2_030A2D02
          Source: C:\Windows\explorer.exeCode function: 5_2_102652325_2_10265232
          Source: C:\Windows\explorer.exeCode function: 5_2_102640365_2_10264036
          Source: C:\Windows\explorer.exeCode function: 5_2_1025B0825_2_1025B082
          Source: C:\Windows\explorer.exeCode function: 5_2_1025FB305_2_1025FB30
          Source: C:\Windows\explorer.exeCode function: 5_2_1025FB325_2_1025FB32
          Source: C:\Windows\explorer.exeCode function: 5_2_1025CD025_2_1025CD02
          Source: C:\Windows\explorer.exeCode function: 5_2_102629125_2_10262912
          Source: C:\Windows\explorer.exeCode function: 5_2_102685CD5_2_102685CD
          Source: C:\Windows\explorer.exeCode function: 5_2_10A1B0825_2_10A1B082
          Source: C:\Windows\explorer.exeCode function: 5_2_10A240365_2_10A24036
          Source: C:\Windows\explorer.exeCode function: 5_2_10A285CD5_2_10A285CD
          Source: C:\Windows\explorer.exeCode function: 5_2_10A1CD025_2_10A1CD02
          Source: C:\Windows\explorer.exeCode function: 5_2_10A229125_2_10A22912
          Source: C:\Windows\explorer.exeCode function: 5_2_10A252325_2_10A25232
          Source: C:\Windows\explorer.exeCode function: 5_2_10A1FB305_2_10A1FB30
          Source: C:\Windows\explorer.exeCode function: 5_2_10A1FB325_2_10A1FB32
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_001117157_2_00111715
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_001121677_2_00112167
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F602C07_2_02F602C0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F802747_2_02F80274
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02FA03E67_2_02FA03E6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EEE3F07_2_02EEE3F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9A3527_2_02F9A352
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F720007_2_02F72000
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F981CC7_2_02F981CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02FA01AA7_2_02FA01AA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F941A27_2_02F941A2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F681587_2_02F68158
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ED01007_2_02ED0100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F7A1187_2_02F7A118
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EFC6E07_2_02EFC6E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EDC7C07_2_02EDC7C0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE07707_2_02EE0770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F047507_2_02F04750
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F8E4F67_2_02F8E4F6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F924467_2_02F92446
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F844207_2_02F84420
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02FA05917_2_02FA0591
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE05357_2_02EE0535
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EDEA807_2_02EDEA80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F96BD77_2_02F96BD7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9AB407_2_02F9AB40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F0E8F07_2_02F0E8F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EC68B87_2_02EC68B8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE28407_2_02EE2840
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EEA8407_2_02EEA840
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE29A07_2_02EE29A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02FAA9A67_2_02FAA9A6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EF69627_2_02EF6962
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9EEDB7_2_02F9EEDB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9CE937_2_02F9CE93
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EF2E907_2_02EF2E90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE0E597_2_02EE0E59
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9EE267_2_02F9EE26
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EECFE07_2_02EECFE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ED2FC87_2_02ED2FC8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F5EFA07_2_02F5EFA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F54F407_2_02F54F40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F00F307_2_02F00F30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F82F307_2_02F82F30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F22F287_2_02F22F28
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ED0CF27_2_02ED0CF2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F80CB57_2_02F80CB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE0C007_2_02EE0C00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EDADE07_2_02EDADE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EF8DBF7_2_02EF8DBF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F7CD1F7_2_02F7CD1F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EEAD007_2_02EEAD00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F812ED7_2_02F812ED
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EFB2C07_2_02EFB2C0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE52A07_2_02EE52A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F2739A7_2_02F2739A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ECD34C7_2_02ECD34C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9132D7_2_02F9132D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F970E97_2_02F970E9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9F0E07_2_02F9F0E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE70C07_2_02EE70C0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F8F0CC7_2_02F8F0CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EEB1B07_2_02EEB1B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02FAB16B7_2_02FAB16B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F1516C7_2_02F1516C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ECF1727_2_02ECF172
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F916CC7_2_02F916CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F256307_2_02F25630
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9F7B07_2_02F9F7B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ED14607_2_02ED1460
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9F43F7_2_02F9F43F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F7D5B07_2_02F7D5B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F975717_2_02F97571
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F8DAC67_2_02F8DAC6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F25AA07_2_02F25AA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F7DAAC7_2_02F7DAAC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F81AA37_2_02F81AA3
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F53A6C7_2_02F53A6C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9FA497_2_02F9FA49
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F97A467_2_02F97A46
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F55BF07_2_02F55BF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F1DBF97_2_02F1DBF9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EFFB807_2_02EFFB80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9FB767_2_02F9FB76
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE38E07_2_02EE38E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F4D8007_2_02F4D800
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE99507_2_02EE9950
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EFB9507_2_02EFB950
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F759107_2_02F75910
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE9EB07_2_02EE9EB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EA3FD27_2_02EA3FD2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EA3FD57_2_02EA3FD5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9FFB17_2_02F9FFB1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE1F927_2_02EE1F92
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9FF097_2_02F9FF09
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F9FCF27_2_02F9FCF2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F59C327_2_02F59C32
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EFFDC07_2_02EFFDC0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F97D737_2_02F97D73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02F91D5A7_2_02F91D5A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EE3D407_2_02EE3D40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236C3F27_2_0236C3F2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0236E79D7_2_0236E79D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02359E507_2_02359E50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02359E4C7_2_02359E4C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02352FB07_2_02352FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02352D907_2_02352D90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B3A0367_2_02B3A036
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B3B2327_2_02B3B232
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B35B327_2_02B35B32
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B35B307_2_02B35B30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B310827_2_02B31082
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B389127_2_02B38912
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B3E5CD7_2_02B3E5CD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02B32D027_2_02B32D02
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02F27E54 appears 111 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02F4EA12 appears 86 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02F15130 appears 58 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02ECB970 appears 280 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02F5F290 appears 105 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0312B970 appears 280 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03175130 appears 58 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 031BF290 appears 105 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03187E54 appears 111 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 031AEA12 appears 86 times
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: String function: 00445975 appears 65 times
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: String function: 0041171A appears 37 times
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: String function: 0041718C appears 45 times
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: String function: 0040E6D0 appears 35 times
          Source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2128778905.00000000042E3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Invoice & Packing list For Sea Shipment.exe
          Source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2129566033.000000000448D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Invoice & Packing list For Sea Shipment.exe
          Source: Invoice & Packing list For Sea Shipment.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.4571837809.000000001027D000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
          Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: Invoice & Packing list For Sea Shipment.exe PID: 5392, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: svchost.exe PID: 6264, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
          Source: Process Memory Space: NETSTAT.EXE PID: 5940, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: classification engineClassification label: mal100.troj.evad.winEXE@275/1@12/1
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044AF5C GetLastError,FormatMessageW,2_2_0044AF5C
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,2_2_00464422
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,2_2_004364AA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00111C89 GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,CloseHandle,7_2_00111C89
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00111CFC GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,CloseHandle,7_2_00111CFC
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,2_2_0045D517
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,2_2_0043701F
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,_memset,_wcslen,_memset,CoCreateInstanceEx,CoSetProxyBlanket,2_2_0047A999
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0043614F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,2_2_0043614F
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6260:120:WilError_03
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeFile created: C:\Users\user\AppData\Local\Temp\iodizationJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCommand line argument: #v2_2_0040D7F0
          Source: Invoice & Packing list For Sea Shipment.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: Invoice & Packing list For Sea Shipment.exeReversingLabs: Detection: 26%
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeFile read: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe"
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe "C:\Windows\SysWOW64\autoconv.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE "C:\Windows\SysWOW64\NETSTAT.EXE"
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe"Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe "C:\Windows\SysWOW64\autoconv.exe"Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE "C:\Windows\SysWOW64\NETSTAT.EXE"Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"Jump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dlnashext.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wpdshext.dllJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: snmpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Invoice & Packing list For Sea Shipment.exeStatic file information: File size 1085795 > 1048576
          Source: Binary string: netstat.pdbGCTL source: svchost.exe, 00000004.00000003.2196068996.0000000002A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196787652.0000000003070000.00000040.10000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558019691.0000000000110000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: netstat.pdb source: svchost.exe, 00000004.00000003.2196068996.0000000002A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196787652.0000000003070000.00000040.10000000.00040000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000007.00000002.4558019691.0000000000110000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2125549142.0000000004360000.00000004.00001000.00020000.00000000.sdmp, Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2129401938.00000000041C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2132084690.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2129633838.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.000000000329E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.0000000003100000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558999890.000000000303E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558999890.0000000002EA0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2196556047.0000000002B39000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2198211362.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2125549142.0000000004360000.00000004.00001000.00020000.00000000.sdmp, Invoice & Packing list For Sea Shipment.exe, 00000002.00000003.2129401938.00000000041C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000004.00000003.2132084690.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2129633838.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.000000000329E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2196922212.0000000003100000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000007.00000002.4558999890.000000000303E000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558999890.0000000002EA0000.00000040.00001000.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2196556047.0000000002B39000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000003.2198211362.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: explorer.exe, 00000005.00000002.4572251771.0000000010CCF000.00000004.80000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558514292.00000000028F1000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4559591877.00000000033EF000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000005.00000002.4572251771.0000000010CCF000.00000004.80000000.00040000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4558514292.00000000028F1000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000007.00000002.4559591877.00000000033EF000.00000004.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040EB70 LoadLibraryA,GetProcAddress,2_2_0040EB70
          Source: Invoice & Packing list For Sea Shipment.exeStatic PE information: real checksum: 0xa2135 should be: 0x1129f6
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004171D1 push ecx; ret 2_2_004171E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041285C push cs; retf 4_2_0041285F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00417008 pushfd ; retf 4_2_0041700F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_004171EF push ds; iretd 4_2_004171FD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041E992 push dword ptr [08CCB4BEh]; ret 4_2_0041E9AA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041E9B2 push dword ptr [0ECCDC24h]; ret 4_2_0041EACE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00416A81 pushfd ; retf 4_2_00416A82
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00417ABC push edi; ret 4_2_00417ABD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0040E46D push ebx; retf 4_2_0040E470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041D475 push eax; ret 4_2_0041D4C8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041D4C2 push eax; ret 4_2_0041D4C8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041D4CB push eax; ret 4_2_0041D532
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041D52C push eax; ret 4_2_0041D532
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0041E530 push edi; ret 4_2_0041E532
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_004177BF push B417C20Bh; ret 4_2_004177C4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031309AD push ecx; mov dword ptr [esp], ecx4_2_031309B6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AEB02 push esp; retn 0000h4_2_030AEB03
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AEB1E push esp; retn 0000h4_2_030AEB1F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_030AE9B5 push esp; retn 0000h4_2_030AEAE7
          Source: C:\Windows\explorer.exeCode function: 5_2_10268B02 push esp; retn 0000h5_2_10268B03
          Source: C:\Windows\explorer.exeCode function: 5_2_10268B1E push esp; retn 0000h5_2_10268B1F
          Source: C:\Windows\explorer.exeCode function: 5_2_102689B5 push esp; retn 0000h5_2_10268AE7
          Source: C:\Windows\explorer.exeCode function: 5_2_10A289B5 push esp; retn 0000h5_2_10A28AE7
          Source: C:\Windows\explorer.exeCode function: 5_2_10A28B02 push esp; retn 0000h5_2_10A28B03
          Source: C:\Windows\explorer.exeCode function: 5_2_10A28B1E push esp; retn 0000h5_2_10A28B1F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_001160DD push ecx; ret 7_2_001160F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EA225F pushad ; ret 7_2_02EA27F9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EA27FA pushad ; ret 7_2_02EA27F9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EA283D push eax; iretd 7_2_02EA2858
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02ED09AD push ecx; mov dword ptr [esp], ecx7_2_02ED09B6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02EA9939 push es; iretd 7_2_02EA9940
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeFile created: \invoice & packing list for sea shipment.exe
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeFile created: \invoice & packing list for sea shipment.exeJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,2_2_004772DE
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_004375B0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Contains functionality to detect sleep reduction / modifications
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004440782_2_00444078
          Switches to a custom stack to bypass stack traces
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeAPI/Special instruction interceptor: Address: 4032394
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB4430774
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D8A4
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442D324
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB4430774
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442D944
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442D504
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442D544
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442D1E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB4430154
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442D8A4
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI/Special instruction interceptor: Address: 7FFDB442DA44
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 409B6E second address: 409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 2359904 second address: 235990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 2359B6E second address: 2359B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00409AA0 rdtsc 4_2_00409AA0
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3483Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 6454Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 883Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 861Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEWindow / User API: threadDelayed 568Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEWindow / User API: threadDelayed 9402Jump to behavior
          Source: C:\Windows\explorer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_2-86223
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-85222
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeAPI coverage: 3.0 %
          Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 2.1 %
          Source: C:\Windows\SysWOW64\NETSTAT.EXEAPI coverage: 2.0 %
          Source: C:\Windows\explorer.exe TID: 4508Thread sleep count: 3483 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 4508Thread sleep time: -6966000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 4508Thread sleep count: 6454 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 4508Thread sleep time: -12908000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 640Thread sleep count: 568 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 640Thread sleep time: -1136000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 640Thread sleep count: 9402 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 640Thread sleep time: -18804000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
          Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,2_2_00452126
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,2_2_0045C999
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,2_2_00436ADE
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00434BEE
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0045DD7C FindFirstFileW,FindClose,2_2_0045DD7C
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,2_2_0044BD29
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,2_2_00436D2D
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00442E1F
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_00475FE5
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,2_2_0044BF8D
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_0040E470
          Source: explorer.exe, 00000005.00000003.2980287757.000000000C374000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 00000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&B
          Source: explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
          Source: explorer.exe, 00000005.00000002.4563935093.00000000097F3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws
          Source: explorer.exe, 00000005.00000002.4570751526.000000000C377000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 1efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&
          Source: explorer.exe, 00000005.00000003.2980287757.000000000C374000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCS
          Source: explorer.exe, 00000005.00000002.4563935093.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
          Source: explorer.exe, 00000005.00000000.2143452239.0000000009605000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
          Source: explorer.exe, 00000005.00000003.2980287757.000000000C374000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
          Source: explorer.exe, 00000005.00000002.4558258248.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000002.4558258248.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
          Source: explorer.exe, 00000005.00000002.4563193761.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000978C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000005.00000003.2980287757.000000000C374000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&
          Source: Invoice & Packing list For Sea Shipment.exe, 00000002.00000002.2130748395.000000000095E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: }#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 00000005.00000002.4563935093.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
          Source: explorer.exe, 00000005.00000003.2980287757.000000000C374000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}|
          Source: explorer.exe, 00000005.00000002.4558258248.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000005.00000002.4558258248.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000002.4563935093.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeAPI call chain: ExitProcess graph end nodegraph_2-84778
          Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_00409AA0 rdtsc 4_2_00409AA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0040ACE0 LdrLoadDll,4_2_0040ACE0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0045A259 BlockInput,2_2_0045A259
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,2_2_0040D6D0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040EB70 LoadLibraryA,GetProcAddress,2_2_0040EB70
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_04032600 mov eax, dword ptr fs:[00000030h]2_2_04032600
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_04032660 mov eax, dword ptr fs:[00000030h]2_2_04032660
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_04030FF0 mov eax, dword ptr fs:[00000030h]2_2_04030FF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312C310 mov ecx, dword ptr fs:[00000030h]4_2_0312C310
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03208324 mov eax, dword ptr fs:[00000030h]4_2_03208324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03208324 mov ecx, dword ptr fs:[00000030h]4_2_03208324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03208324 mov eax, dword ptr fs:[00000030h]4_2_03208324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03208324 mov eax, dword ptr fs:[00000030h]4_2_03208324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03150310 mov ecx, dword ptr fs:[00000030h]4_2_03150310
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A30B mov eax, dword ptr fs:[00000030h]4_2_0316A30B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A30B mov eax, dword ptr fs:[00000030h]4_2_0316A30B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A30B mov eax, dword ptr fs:[00000030h]4_2_0316A30B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B035C mov eax, dword ptr fs:[00000030h]4_2_031B035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B035C mov eax, dword ptr fs:[00000030h]4_2_031B035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B035C mov eax, dword ptr fs:[00000030h]4_2_031B035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B035C mov ecx, dword ptr fs:[00000030h]4_2_031B035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B035C mov eax, dword ptr fs:[00000030h]4_2_031B035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B035C mov eax, dword ptr fs:[00000030h]4_2_031B035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FA352 mov eax, dword ptr fs:[00000030h]4_2_031FA352
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D8350 mov ecx, dword ptr fs:[00000030h]4_2_031D8350
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B2349 mov eax, dword ptr fs:[00000030h]4_2_031B2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D437C mov eax, dword ptr fs:[00000030h]4_2_031D437C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0320634F mov eax, dword ptr fs:[00000030h]4_2_0320634F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03128397 mov eax, dword ptr fs:[00000030h]4_2_03128397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03128397 mov eax, dword ptr fs:[00000030h]4_2_03128397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03128397 mov eax, dword ptr fs:[00000030h]4_2_03128397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312E388 mov eax, dword ptr fs:[00000030h]4_2_0312E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312E388 mov eax, dword ptr fs:[00000030h]4_2_0312E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312E388 mov eax, dword ptr fs:[00000030h]4_2_0312E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315438F mov eax, dword ptr fs:[00000030h]4_2_0315438F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315438F mov eax, dword ptr fs:[00000030h]4_2_0315438F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE3DB mov eax, dword ptr fs:[00000030h]4_2_031DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE3DB mov eax, dword ptr fs:[00000030h]4_2_031DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE3DB mov ecx, dword ptr fs:[00000030h]4_2_031DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE3DB mov eax, dword ptr fs:[00000030h]4_2_031DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D43D4 mov eax, dword ptr fs:[00000030h]4_2_031D43D4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D43D4 mov eax, dword ptr fs:[00000030h]4_2_031D43D4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EC3CD mov eax, dword ptr fs:[00000030h]4_2_031EC3CD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A3C0 mov eax, dword ptr fs:[00000030h]4_2_0313A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A3C0 mov eax, dword ptr fs:[00000030h]4_2_0313A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A3C0 mov eax, dword ptr fs:[00000030h]4_2_0313A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A3C0 mov eax, dword ptr fs:[00000030h]4_2_0313A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A3C0 mov eax, dword ptr fs:[00000030h]4_2_0313A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A3C0 mov eax, dword ptr fs:[00000030h]4_2_0313A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031383C0 mov eax, dword ptr fs:[00000030h]4_2_031383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031383C0 mov eax, dword ptr fs:[00000030h]4_2_031383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031383C0 mov eax, dword ptr fs:[00000030h]4_2_031383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031383C0 mov eax, dword ptr fs:[00000030h]4_2_031383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B63C0 mov eax, dword ptr fs:[00000030h]4_2_031B63C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E3F0 mov eax, dword ptr fs:[00000030h]4_2_0314E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E3F0 mov eax, dword ptr fs:[00000030h]4_2_0314E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E3F0 mov eax, dword ptr fs:[00000030h]4_2_0314E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031663FF mov eax, dword ptr fs:[00000030h]4_2_031663FF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031403E9 mov eax, dword ptr fs:[00000030h]4_2_031403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312823B mov eax, dword ptr fs:[00000030h]4_2_0312823B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312A250 mov eax, dword ptr fs:[00000030h]4_2_0312A250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136259 mov eax, dword ptr fs:[00000030h]4_2_03136259
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EA250 mov eax, dword ptr fs:[00000030h]4_2_031EA250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EA250 mov eax, dword ptr fs:[00000030h]4_2_031EA250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B8243 mov eax, dword ptr fs:[00000030h]4_2_031B8243
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B8243 mov ecx, dword ptr fs:[00000030h]4_2_031B8243
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E0274 mov eax, dword ptr fs:[00000030h]4_2_031E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134260 mov eax, dword ptr fs:[00000030h]4_2_03134260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134260 mov eax, dword ptr fs:[00000030h]4_2_03134260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134260 mov eax, dword ptr fs:[00000030h]4_2_03134260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312826B mov eax, dword ptr fs:[00000030h]4_2_0312826B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0320625D mov eax, dword ptr fs:[00000030h]4_2_0320625D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E284 mov eax, dword ptr fs:[00000030h]4_2_0316E284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E284 mov eax, dword ptr fs:[00000030h]4_2_0316E284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B0283 mov eax, dword ptr fs:[00000030h]4_2_031B0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B0283 mov eax, dword ptr fs:[00000030h]4_2_031B0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B0283 mov eax, dword ptr fs:[00000030h]4_2_031B0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C62A0 mov eax, dword ptr fs:[00000030h]4_2_031C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C62A0 mov ecx, dword ptr fs:[00000030h]4_2_031C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C62A0 mov eax, dword ptr fs:[00000030h]4_2_031C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C62A0 mov eax, dword ptr fs:[00000030h]4_2_031C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C62A0 mov eax, dword ptr fs:[00000030h]4_2_031C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C62A0 mov eax, dword ptr fs:[00000030h]4_2_031C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A2C3 mov eax, dword ptr fs:[00000030h]4_2_0313A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A2C3 mov eax, dword ptr fs:[00000030h]4_2_0313A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A2C3 mov eax, dword ptr fs:[00000030h]4_2_0313A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A2C3 mov eax, dword ptr fs:[00000030h]4_2_0313A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A2C3 mov eax, dword ptr fs:[00000030h]4_2_0313A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031402E1 mov eax, dword ptr fs:[00000030h]4_2_031402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031402E1 mov eax, dword ptr fs:[00000030h]4_2_031402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031402E1 mov eax, dword ptr fs:[00000030h]4_2_031402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_032062D6 mov eax, dword ptr fs:[00000030h]4_2_032062D6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DA118 mov ecx, dword ptr fs:[00000030h]4_2_031DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DA118 mov eax, dword ptr fs:[00000030h]4_2_031DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DA118 mov eax, dword ptr fs:[00000030h]4_2_031DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DA118 mov eax, dword ptr fs:[00000030h]4_2_031DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F0115 mov eax, dword ptr fs:[00000030h]4_2_031F0115
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov eax, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov ecx, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov eax, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov eax, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov ecx, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov eax, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov eax, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov ecx, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov eax, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DE10E mov ecx, dword ptr fs:[00000030h]4_2_031DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03160124 mov eax, dword ptr fs:[00000030h]4_2_03160124
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312C156 mov eax, dword ptr fs:[00000030h]4_2_0312C156
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C8158 mov eax, dword ptr fs:[00000030h]4_2_031C8158
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204164 mov eax, dword ptr fs:[00000030h]4_2_03204164
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204164 mov eax, dword ptr fs:[00000030h]4_2_03204164
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136154 mov eax, dword ptr fs:[00000030h]4_2_03136154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136154 mov eax, dword ptr fs:[00000030h]4_2_03136154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C4144 mov eax, dword ptr fs:[00000030h]4_2_031C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C4144 mov eax, dword ptr fs:[00000030h]4_2_031C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C4144 mov ecx, dword ptr fs:[00000030h]4_2_031C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C4144 mov eax, dword ptr fs:[00000030h]4_2_031C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C4144 mov eax, dword ptr fs:[00000030h]4_2_031C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B019F mov eax, dword ptr fs:[00000030h]4_2_031B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B019F mov eax, dword ptr fs:[00000030h]4_2_031B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B019F mov eax, dword ptr fs:[00000030h]4_2_031B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B019F mov eax, dword ptr fs:[00000030h]4_2_031B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312A197 mov eax, dword ptr fs:[00000030h]4_2_0312A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312A197 mov eax, dword ptr fs:[00000030h]4_2_0312A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312A197 mov eax, dword ptr fs:[00000030h]4_2_0312A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03170185 mov eax, dword ptr fs:[00000030h]4_2_03170185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EC188 mov eax, dword ptr fs:[00000030h]4_2_031EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EC188 mov eax, dword ptr fs:[00000030h]4_2_031EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D4180 mov eax, dword ptr fs:[00000030h]4_2_031D4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D4180 mov eax, dword ptr fs:[00000030h]4_2_031D4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_032061E5 mov eax, dword ptr fs:[00000030h]4_2_032061E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE1D0 mov eax, dword ptr fs:[00000030h]4_2_031AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE1D0 mov eax, dword ptr fs:[00000030h]4_2_031AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE1D0 mov ecx, dword ptr fs:[00000030h]4_2_031AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE1D0 mov eax, dword ptr fs:[00000030h]4_2_031AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE1D0 mov eax, dword ptr fs:[00000030h]4_2_031AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F61C3 mov eax, dword ptr fs:[00000030h]4_2_031F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F61C3 mov eax, dword ptr fs:[00000030h]4_2_031F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031601F8 mov eax, dword ptr fs:[00000030h]4_2_031601F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E016 mov eax, dword ptr fs:[00000030h]4_2_0314E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E016 mov eax, dword ptr fs:[00000030h]4_2_0314E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E016 mov eax, dword ptr fs:[00000030h]4_2_0314E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E016 mov eax, dword ptr fs:[00000030h]4_2_0314E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B4000 mov ecx, dword ptr fs:[00000030h]4_2_031B4000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D2000 mov eax, dword ptr fs:[00000030h]4_2_031D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C6030 mov eax, dword ptr fs:[00000030h]4_2_031C6030
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312A020 mov eax, dword ptr fs:[00000030h]4_2_0312A020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312C020 mov eax, dword ptr fs:[00000030h]4_2_0312C020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03132050 mov eax, dword ptr fs:[00000030h]4_2_03132050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6050 mov eax, dword ptr fs:[00000030h]4_2_031B6050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315C073 mov eax, dword ptr fs:[00000030h]4_2_0315C073
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313208A mov eax, dword ptr fs:[00000030h]4_2_0313208A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F60B8 mov eax, dword ptr fs:[00000030h]4_2_031F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F60B8 mov ecx, dword ptr fs:[00000030h]4_2_031F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031280A0 mov eax, dword ptr fs:[00000030h]4_2_031280A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C80A8 mov eax, dword ptr fs:[00000030h]4_2_031C80A8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B20DE mov eax, dword ptr fs:[00000030h]4_2_031B20DE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312C0F0 mov eax, dword ptr fs:[00000030h]4_2_0312C0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031720F0 mov ecx, dword ptr fs:[00000030h]4_2_031720F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312A0E3 mov ecx, dword ptr fs:[00000030h]4_2_0312A0E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031380E9 mov eax, dword ptr fs:[00000030h]4_2_031380E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B60E0 mov eax, dword ptr fs:[00000030h]4_2_031B60E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130710 mov eax, dword ptr fs:[00000030h]4_2_03130710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03160710 mov eax, dword ptr fs:[00000030h]4_2_03160710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316C700 mov eax, dword ptr fs:[00000030h]4_2_0316C700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316273C mov eax, dword ptr fs:[00000030h]4_2_0316273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316273C mov ecx, dword ptr fs:[00000030h]4_2_0316273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316273C mov eax, dword ptr fs:[00000030h]4_2_0316273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AC730 mov eax, dword ptr fs:[00000030h]4_2_031AC730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316C720 mov eax, dword ptr fs:[00000030h]4_2_0316C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316C720 mov eax, dword ptr fs:[00000030h]4_2_0316C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130750 mov eax, dword ptr fs:[00000030h]4_2_03130750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BE75D mov eax, dword ptr fs:[00000030h]4_2_031BE75D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172750 mov eax, dword ptr fs:[00000030h]4_2_03172750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172750 mov eax, dword ptr fs:[00000030h]4_2_03172750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B4755 mov eax, dword ptr fs:[00000030h]4_2_031B4755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316674D mov esi, dword ptr fs:[00000030h]4_2_0316674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316674D mov eax, dword ptr fs:[00000030h]4_2_0316674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316674D mov eax, dword ptr fs:[00000030h]4_2_0316674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138770 mov eax, dword ptr fs:[00000030h]4_2_03138770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140770 mov eax, dword ptr fs:[00000030h]4_2_03140770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D678E mov eax, dword ptr fs:[00000030h]4_2_031D678E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031307AF mov eax, dword ptr fs:[00000030h]4_2_031307AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E47A0 mov eax, dword ptr fs:[00000030h]4_2_031E47A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313C7C0 mov eax, dword ptr fs:[00000030h]4_2_0313C7C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B07C3 mov eax, dword ptr fs:[00000030h]4_2_031B07C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031347FB mov eax, dword ptr fs:[00000030h]4_2_031347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031347FB mov eax, dword ptr fs:[00000030h]4_2_031347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031527ED mov eax, dword ptr fs:[00000030h]4_2_031527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031527ED mov eax, dword ptr fs:[00000030h]4_2_031527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031527ED mov eax, dword ptr fs:[00000030h]4_2_031527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BE7E1 mov eax, dword ptr fs:[00000030h]4_2_031BE7E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03172619 mov eax, dword ptr fs:[00000030h]4_2_03172619
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE609 mov eax, dword ptr fs:[00000030h]4_2_031AE609
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314260B mov eax, dword ptr fs:[00000030h]4_2_0314260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314E627 mov eax, dword ptr fs:[00000030h]4_2_0314E627
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03166620 mov eax, dword ptr fs:[00000030h]4_2_03166620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03168620 mov eax, dword ptr fs:[00000030h]4_2_03168620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313262C mov eax, dword ptr fs:[00000030h]4_2_0313262C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0314C640 mov eax, dword ptr fs:[00000030h]4_2_0314C640
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03162674 mov eax, dword ptr fs:[00000030h]4_2_03162674
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F866E mov eax, dword ptr fs:[00000030h]4_2_031F866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F866E mov eax, dword ptr fs:[00000030h]4_2_031F866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A660 mov eax, dword ptr fs:[00000030h]4_2_0316A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A660 mov eax, dword ptr fs:[00000030h]4_2_0316A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134690 mov eax, dword ptr fs:[00000030h]4_2_03134690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134690 mov eax, dword ptr fs:[00000030h]4_2_03134690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031666B0 mov eax, dword ptr fs:[00000030h]4_2_031666B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316C6A6 mov eax, dword ptr fs:[00000030h]4_2_0316C6A6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A6C7 mov ebx, dword ptr fs:[00000030h]4_2_0316A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A6C7 mov eax, dword ptr fs:[00000030h]4_2_0316A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE6F2 mov eax, dword ptr fs:[00000030h]4_2_031AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE6F2 mov eax, dword ptr fs:[00000030h]4_2_031AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE6F2 mov eax, dword ptr fs:[00000030h]4_2_031AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE6F2 mov eax, dword ptr fs:[00000030h]4_2_031AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B06F1 mov eax, dword ptr fs:[00000030h]4_2_031B06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B06F1 mov eax, dword ptr fs:[00000030h]4_2_031B06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C6500 mov eax, dword ptr fs:[00000030h]4_2_031C6500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204500 mov eax, dword ptr fs:[00000030h]4_2_03204500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140535 mov eax, dword ptr fs:[00000030h]4_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140535 mov eax, dword ptr fs:[00000030h]4_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140535 mov eax, dword ptr fs:[00000030h]4_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140535 mov eax, dword ptr fs:[00000030h]4_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140535 mov eax, dword ptr fs:[00000030h]4_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140535 mov eax, dword ptr fs:[00000030h]4_2_03140535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E53E mov eax, dword ptr fs:[00000030h]4_2_0315E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E53E mov eax, dword ptr fs:[00000030h]4_2_0315E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E53E mov eax, dword ptr fs:[00000030h]4_2_0315E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E53E mov eax, dword ptr fs:[00000030h]4_2_0315E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E53E mov eax, dword ptr fs:[00000030h]4_2_0315E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138550 mov eax, dword ptr fs:[00000030h]4_2_03138550
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138550 mov eax, dword ptr fs:[00000030h]4_2_03138550
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316656A mov eax, dword ptr fs:[00000030h]4_2_0316656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316656A mov eax, dword ptr fs:[00000030h]4_2_0316656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316656A mov eax, dword ptr fs:[00000030h]4_2_0316656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E59C mov eax, dword ptr fs:[00000030h]4_2_0316E59C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03132582 mov eax, dword ptr fs:[00000030h]4_2_03132582
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03132582 mov ecx, dword ptr fs:[00000030h]4_2_03132582
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03164588 mov eax, dword ptr fs:[00000030h]4_2_03164588
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031545B1 mov eax, dword ptr fs:[00000030h]4_2_031545B1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031545B1 mov eax, dword ptr fs:[00000030h]4_2_031545B1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B05A7 mov eax, dword ptr fs:[00000030h]4_2_031B05A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B05A7 mov eax, dword ptr fs:[00000030h]4_2_031B05A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B05A7 mov eax, dword ptr fs:[00000030h]4_2_031B05A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031365D0 mov eax, dword ptr fs:[00000030h]4_2_031365D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A5D0 mov eax, dword ptr fs:[00000030h]4_2_0316A5D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A5D0 mov eax, dword ptr fs:[00000030h]4_2_0316A5D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E5CF mov eax, dword ptr fs:[00000030h]4_2_0316E5CF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E5CF mov eax, dword ptr fs:[00000030h]4_2_0316E5CF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315E5E7 mov eax, dword ptr fs:[00000030h]4_2_0315E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031325E0 mov eax, dword ptr fs:[00000030h]4_2_031325E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316C5ED mov eax, dword ptr fs:[00000030h]4_2_0316C5ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316C5ED mov eax, dword ptr fs:[00000030h]4_2_0316C5ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03168402 mov eax, dword ptr fs:[00000030h]4_2_03168402
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03168402 mov eax, dword ptr fs:[00000030h]4_2_03168402
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03168402 mov eax, dword ptr fs:[00000030h]4_2_03168402
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A430 mov eax, dword ptr fs:[00000030h]4_2_0316A430
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312E420 mov eax, dword ptr fs:[00000030h]4_2_0312E420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312E420 mov eax, dword ptr fs:[00000030h]4_2_0312E420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312E420 mov eax, dword ptr fs:[00000030h]4_2_0312E420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312C427 mov eax, dword ptr fs:[00000030h]4_2_0312C427
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B6420 mov eax, dword ptr fs:[00000030h]4_2_031B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EA456 mov eax, dword ptr fs:[00000030h]4_2_031EA456
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312645D mov eax, dword ptr fs:[00000030h]4_2_0312645D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315245A mov eax, dword ptr fs:[00000030h]4_2_0315245A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316E443 mov eax, dword ptr fs:[00000030h]4_2_0316E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315A470 mov eax, dword ptr fs:[00000030h]4_2_0315A470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315A470 mov eax, dword ptr fs:[00000030h]4_2_0315A470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315A470 mov eax, dword ptr fs:[00000030h]4_2_0315A470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BC460 mov ecx, dword ptr fs:[00000030h]4_2_031BC460
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031EA49A mov eax, dword ptr fs:[00000030h]4_2_031EA49A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031644B0 mov ecx, dword ptr fs:[00000030h]4_2_031644B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BA4B0 mov eax, dword ptr fs:[00000030h]4_2_031BA4B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031364AB mov eax, dword ptr fs:[00000030h]4_2_031364AB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031304E5 mov ecx, dword ptr fs:[00000030h]4_2_031304E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AEB1D mov eax, dword ptr fs:[00000030h]4_2_031AEB1D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204B00 mov eax, dword ptr fs:[00000030h]4_2_03204B00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315EB20 mov eax, dword ptr fs:[00000030h]4_2_0315EB20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315EB20 mov eax, dword ptr fs:[00000030h]4_2_0315EB20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F8B28 mov eax, dword ptr fs:[00000030h]4_2_031F8B28
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031F8B28 mov eax, dword ptr fs:[00000030h]4_2_031F8B28
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03128B50 mov eax, dword ptr fs:[00000030h]4_2_03128B50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DEB50 mov eax, dword ptr fs:[00000030h]4_2_031DEB50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E4B4B mov eax, dword ptr fs:[00000030h]4_2_031E4B4B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E4B4B mov eax, dword ptr fs:[00000030h]4_2_031E4B4B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C6B40 mov eax, dword ptr fs:[00000030h]4_2_031C6B40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C6B40 mov eax, dword ptr fs:[00000030h]4_2_031C6B40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FAB40 mov eax, dword ptr fs:[00000030h]4_2_031FAB40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D8B42 mov eax, dword ptr fs:[00000030h]4_2_031D8B42
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0312CB7E mov eax, dword ptr fs:[00000030h]4_2_0312CB7E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03202B57 mov eax, dword ptr fs:[00000030h]4_2_03202B57
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03202B57 mov eax, dword ptr fs:[00000030h]4_2_03202B57
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03202B57 mov eax, dword ptr fs:[00000030h]4_2_03202B57
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03202B57 mov eax, dword ptr fs:[00000030h]4_2_03202B57
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140BBE mov eax, dword ptr fs:[00000030h]4_2_03140BBE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140BBE mov eax, dword ptr fs:[00000030h]4_2_03140BBE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E4BB0 mov eax, dword ptr fs:[00000030h]4_2_031E4BB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031E4BB0 mov eax, dword ptr fs:[00000030h]4_2_031E4BB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DEBD0 mov eax, dword ptr fs:[00000030h]4_2_031DEBD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03150BCB mov eax, dword ptr fs:[00000030h]4_2_03150BCB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03150BCB mov eax, dword ptr fs:[00000030h]4_2_03150BCB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03150BCB mov eax, dword ptr fs:[00000030h]4_2_03150BCB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130BCD mov eax, dword ptr fs:[00000030h]4_2_03130BCD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130BCD mov eax, dword ptr fs:[00000030h]4_2_03130BCD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130BCD mov eax, dword ptr fs:[00000030h]4_2_03130BCD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138BF0 mov eax, dword ptr fs:[00000030h]4_2_03138BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138BF0 mov eax, dword ptr fs:[00000030h]4_2_03138BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138BF0 mov eax, dword ptr fs:[00000030h]4_2_03138BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315EBFC mov eax, dword ptr fs:[00000030h]4_2_0315EBFC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BCBF0 mov eax, dword ptr fs:[00000030h]4_2_031BCBF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BCA11 mov eax, dword ptr fs:[00000030h]4_2_031BCA11
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03154A35 mov eax, dword ptr fs:[00000030h]4_2_03154A35
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03154A35 mov eax, dword ptr fs:[00000030h]4_2_03154A35
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316CA38 mov eax, dword ptr fs:[00000030h]4_2_0316CA38
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316CA24 mov eax, dword ptr fs:[00000030h]4_2_0316CA24
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0315EA2E mov eax, dword ptr fs:[00000030h]4_2_0315EA2E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03136A50 mov eax, dword ptr fs:[00000030h]4_2_03136A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140A5B mov eax, dword ptr fs:[00000030h]4_2_03140A5B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03140A5B mov eax, dword ptr fs:[00000030h]4_2_03140A5B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031ACA72 mov eax, dword ptr fs:[00000030h]4_2_031ACA72
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031ACA72 mov eax, dword ptr fs:[00000030h]4_2_031ACA72
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316CA6F mov eax, dword ptr fs:[00000030h]4_2_0316CA6F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316CA6F mov eax, dword ptr fs:[00000030h]4_2_0316CA6F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316CA6F mov eax, dword ptr fs:[00000030h]4_2_0316CA6F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031DEA60 mov eax, dword ptr fs:[00000030h]4_2_031DEA60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03168A90 mov edx, dword ptr fs:[00000030h]4_2_03168A90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313EA80 mov eax, dword ptr fs:[00000030h]4_2_0313EA80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204A80 mov eax, dword ptr fs:[00000030h]4_2_03204A80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138AA0 mov eax, dword ptr fs:[00000030h]4_2_03138AA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03138AA0 mov eax, dword ptr fs:[00000030h]4_2_03138AA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03186AA4 mov eax, dword ptr fs:[00000030h]4_2_03186AA4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03130AD0 mov eax, dword ptr fs:[00000030h]4_2_03130AD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03164AD0 mov eax, dword ptr fs:[00000030h]4_2_03164AD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03164AD0 mov eax, dword ptr fs:[00000030h]4_2_03164AD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03186ACC mov eax, dword ptr fs:[00000030h]4_2_03186ACC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03186ACC mov eax, dword ptr fs:[00000030h]4_2_03186ACC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03186ACC mov eax, dword ptr fs:[00000030h]4_2_03186ACC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316AAEE mov eax, dword ptr fs:[00000030h]4_2_0316AAEE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316AAEE mov eax, dword ptr fs:[00000030h]4_2_0316AAEE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BC912 mov eax, dword ptr fs:[00000030h]4_2_031BC912
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03128918 mov eax, dword ptr fs:[00000030h]4_2_03128918
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03128918 mov eax, dword ptr fs:[00000030h]4_2_03128918
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE908 mov eax, dword ptr fs:[00000030h]4_2_031AE908
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031AE908 mov eax, dword ptr fs:[00000030h]4_2_031AE908
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B892A mov eax, dword ptr fs:[00000030h]4_2_031B892A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C892B mov eax, dword ptr fs:[00000030h]4_2_031C892B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B0946 mov eax, dword ptr fs:[00000030h]4_2_031B0946
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03204940 mov eax, dword ptr fs:[00000030h]4_2_03204940
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D4978 mov eax, dword ptr fs:[00000030h]4_2_031D4978
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D4978 mov eax, dword ptr fs:[00000030h]4_2_031D4978
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BC97C mov eax, dword ptr fs:[00000030h]4_2_031BC97C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03156962 mov eax, dword ptr fs:[00000030h]4_2_03156962
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03156962 mov eax, dword ptr fs:[00000030h]4_2_03156962
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03156962 mov eax, dword ptr fs:[00000030h]4_2_03156962
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0317096E mov eax, dword ptr fs:[00000030h]4_2_0317096E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0317096E mov edx, dword ptr fs:[00000030h]4_2_0317096E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0317096E mov eax, dword ptr fs:[00000030h]4_2_0317096E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B89B3 mov esi, dword ptr fs:[00000030h]4_2_031B89B3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B89B3 mov eax, dword ptr fs:[00000030h]4_2_031B89B3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031B89B3 mov eax, dword ptr fs:[00000030h]4_2_031B89B3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031429A0 mov eax, dword ptr fs:[00000030h]4_2_031429A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031309AD mov eax, dword ptr fs:[00000030h]4_2_031309AD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031309AD mov eax, dword ptr fs:[00000030h]4_2_031309AD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A9D0 mov eax, dword ptr fs:[00000030h]4_2_0313A9D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A9D0 mov eax, dword ptr fs:[00000030h]4_2_0313A9D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A9D0 mov eax, dword ptr fs:[00000030h]4_2_0313A9D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A9D0 mov eax, dword ptr fs:[00000030h]4_2_0313A9D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A9D0 mov eax, dword ptr fs:[00000030h]4_2_0313A9D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0313A9D0 mov eax, dword ptr fs:[00000030h]4_2_0313A9D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031649D0 mov eax, dword ptr fs:[00000030h]4_2_031649D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031FA9D3 mov eax, dword ptr fs:[00000030h]4_2_031FA9D3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031C69C0 mov eax, dword ptr fs:[00000030h]4_2_031C69C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031629F9 mov eax, dword ptr fs:[00000030h]4_2_031629F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031629F9 mov eax, dword ptr fs:[00000030h]4_2_031629F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BE9E0 mov eax, dword ptr fs:[00000030h]4_2_031BE9E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031BC810 mov eax, dword ptr fs:[00000030h]4_2_031BC810
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152835 mov eax, dword ptr fs:[00000030h]4_2_03152835
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152835 mov eax, dword ptr fs:[00000030h]4_2_03152835
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152835 mov eax, dword ptr fs:[00000030h]4_2_03152835
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152835 mov ecx, dword ptr fs:[00000030h]4_2_03152835
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152835 mov eax, dword ptr fs:[00000030h]4_2_03152835
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03152835 mov eax, dword ptr fs:[00000030h]4_2_03152835
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_0316A830 mov eax, dword ptr fs:[00000030h]4_2_0316A830
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D483A mov eax, dword ptr fs:[00000030h]4_2_031D483A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_031D483A mov eax, dword ptr fs:[00000030h]4_2_031D483A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03160854 mov eax, dword ptr fs:[00000030h]4_2_03160854
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134859 mov eax, dword ptr fs:[00000030h]4_2_03134859
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_03134859 mov eax, dword ptr fs:[00000030h]4_2_03134859
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00426DA1 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,2_2_00426DA1
          Source: C:\Windows\SysWOW64\svchost.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0042202E SetUnhandledExceptionFilter,2_2_0042202E
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004230F5
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00417D93
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00421FA7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00115C30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00115C30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00115DC0 SetUnhandledExceptionFilter,7_2_00115DC0

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\SysWOW64\svchost.exeThread register set: target process: 4004Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEThread register set: target process: 4004Jump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\SysWOW64\svchost.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing technique
          Source: C:\Windows\SysWOW64\svchost.exeSection unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: 110000Jump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 2622008Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: memset,OpenProcess,K32GetModuleBaseNameW,CompareStringW,CompareStringW,GetSystemDirectoryW,LoadLibraryExW,GetProcAddress,K32GetModuleBaseNameW,CloseHandle,LocalFree,FreeLibrary, svchost.exe7_2_001138D2
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0043916A LogonUserW,2_2_0043916A
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,2_2_0040D6D0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_004375B0
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event,2_2_00436431
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"Jump to behavior
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,2_2_00445DD3
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_001158B6 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,7_2_001158B6
          Source: explorer.exe, 00000005.00000000.2138168963.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.4558795796.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
          Source: Invoice & Packing list For Sea Shipment.exe, explorer.exe, 00000005.00000000.2138168963.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.4560889863.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4558795796.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.2138168963.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.4558795796.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000002.4558258248.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2136446246.0000000000D60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progman
          Source: Invoice & Packing list For Sea Shipment.exeBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
          Source: explorer.exe, 00000005.00000000.2138168963.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.4558795796.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000003.2979291022.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2144111373.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563935093.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd31A
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_00410D10 cpuid 2_2_00410D10
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_004223BC
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004711D2 GetUserNameW,2_2_004711D2
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0042039F __invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,2_2_0042039F
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_0040E470

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Invoice & Packing list For Sea Shipment.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
          Source: Invoice & Packing list For Sea Shipment.exeBinary or memory string: WIN_XP
          Source: Invoice & Packing list For Sea Shipment.exeBinary or memory string: WIN_XPe
          Source: Invoice & Packing list For Sea Shipment.exeBinary or memory string: WIN_VISTA
          Source: Invoice & Packing list For Sea Shipment.exeBinary or memory string: WIN_7

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Invoice & Packing list For Sea Shipment.exe.1280000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,2_2_004741BB
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,2_2_0046483C
          Source: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exeCode function: 2_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,2_2_0047AD92
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00114B96 fprintf,GetUdpStatisticsEx,GetIpStatisticsEx,SnmpUtilMemAlloc,fprintf,fprintf,SnmpUtilMemFree,fprintf,fprintf,SnmpUtilMemAlloc,SnmpUtilOidCpy,SnmpUtilVarBindFree,SnmpUtilVarBindFree,SnmpUtilVarBindFree,SnmpUtilVarBindFree,GetIcmpStatisticsEx,GetTcpStatisticsEx,7_2_00114B96

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire Infrastructure2
          Valid Accounts          		3
          Native API          		1
          DLL Side-Loading          		1
          Exploitation for Privilege Escalation          		1
          Disable or Modify Tools          		21
          Input Capture          		2
          System Time Discovery          		Remote Services1
          Archive Collected Data          		2
          Ingress Tool Transfer          		Exfiltration Over Other Network Medium1
          System Shutdown/Reboot
          CredentialsDomainsDefault Accounts1
          Shared Modules          		2
          Valid Accounts          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		LSASS Memory1
          Account Discovery          		Remote Desktop Protocol21
          Input Capture          		1
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts2
          Command and Scripting Interpreter          		Logon Script (Windows)2
          Valid Accounts          		2
          Obfuscated Files or Information          		Security Account Manager1
          System Network Connections Discovery          		SMB/Windows Admin Shares3
          Clipboard Data          		2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
          Access Token Manipulation          		1
          DLL Side-Loading          		NTDS2
          File and Directory Discovery          		Distributed Component Object ModelInput Capture12
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script522
          Process Injection          		2
          Valid Accounts          		LSA Secrets215
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
          Virtualization/Sandbox Evasion          		Cached Domain Credentials341
          Security Software Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
          Access Token Manipulation          		DCSync2
          Virtualization/Sandbox Evasion          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job522
          Process Injection          		Proc Filesystem3
          Process Discovery          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow11
          Application Window Discovery          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
          System Owner/User Discovery          		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
          Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchdStripped PayloadsInput Capture1
          System Network Configuration Discovery          		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1540277 Sample: Invoice & Packing list For ... Startdate: 23/10/2024 Architecture: WINDOWS Score: 100 32 www.roduct-xgky.xyz 2->32 34 www.ound-omagf.xyz 2->34 36 11 other IPs or domains 2->36 40 Suricata IDS alerts for network traffic 2->40 42 Found malware configuration 2->42 44 Malicious sample detected (through community Yara rule) 2->44 48 8 other signatures 2->48 11 Invoice & Packing list For Sea Shipment.exe 1 2->11         started        signatures3 46 Performs DNS queries to domains with low reputation 34->46 process4 signatures5 58 Writes to foreign memory regions 11->58 60 Maps a DLL or memory area into another process 11->60 14 svchost.exe 11->14         started        process6 signatures7 62 Modifies the context of a thread in another process (thread injection) 14->62 64 Maps a DLL or memory area into another process 14->64 66 Sample uses process hollowing technique 14->66 68 3 other signatures 14->68 17 explorer.exe 47 1 14->17 injected process8 dnsIp9 30 94950.bodis.com 199.59.243.227, 50004, 80 BODIS-NJUS United States 17->30 38 Uses netstat to query active network connections and open ports 17->38 21 NETSTAT.EXE 17->21         started        24 autoconv.exe 17->24         started        signatures10 process11 signatures12 50 Modifies the context of a thread in another process (thread injection) 21->50 52 Maps a DLL or memory area into another process 21->52 54 Tries to detect virtualization through RDTSC time measurements 21->54 56 Switches to a custom stack to bypass stack traces 21->56 26 cmd.exe 1 21->26         started        process13 process14 28 conhost.exe 26->28         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Invoice & Packing list For Sea Shipment.exe26%ReversingLabs
          Invoice & Packing list For Sea Shipment.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV0%URL Reputationsafe
          https://api.msn.com:443/v1/news/Feed/Windows?0%URL Reputationsafe
          https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings0%URL Reputationsafe
          https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew0%URL Reputationsafe
          https://android.notify.windows.com/iOS0%URL Reputationsafe
          https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp0%URL Reputationsafe
          https://api.msn.com/v1/news/Feed/Windows?0%URL Reputationsafe
          http://schemas.micro0%URL Reputationsafe
          https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew0%URL Reputationsafe
          https://api.msn.com/0%URL Reputationsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          94950.bodis.com
          		199.59.243.227
          		truetrue
            		unknown
            www.6282.xyz
            		156.235.1.30
            		truetrue
              		unknown
              www.rasko.net
              		89.184.73.149
              		truetrue
                		unknown
                www.ound-omagf.xyz
                		unknown
                		unknowntrue
                  		unknown
                  www.hemicans.xyz
                  		unknown
                  		unknowntrue
                    		unknown
                    www.ecurityemployment.today
                    		unknown
                    		unknowntrue
                      		unknown
                      www.ehkd.top
                      		unknown
                      		unknowntrue
                        		unknown
                        www.sfmoreservicesllc.lat
                        		unknown
                        		unknowntrue
                          		unknown
                          www.9net88.net
                          		unknown
                          		unknowntrue
                            		unknown
                            www.roduct-xgky.xyz
                            		unknown
                            		unknowntrue
                              		unknown
                              www.ridesmaidgiftsboutiqueki.shop
                              		unknown
                              		unknowntrue
                                		unknown
                                www.onsfskfsmpfssfpewqdsawqe.xyz
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.oal-ahzgwo.xyz
                                  		unknown
                                  		unknowntrue
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    www.9net88.net/ge07/true
                                      		unknown
                                      http://www.9net88.net/ge07/?XRA4Dv_0=rInKjcO63u4K1THTAINFv2coOl+G9i0Xo3vzod/XDYjf3VmyXg5Nkxs22ujGcbkomNpSpJke0g==&DVld2=Ybu8dZf0true
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        http://www.ound-omagf.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngFexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://www.hemicans.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2143452239.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://word.office.comMexplorer.exe, 00000005.00000000.2148059498.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000C08C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981137973.000000000C08C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://www.roduct-xgky.xyz/ge07/www.9net88.netexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://www.f7y2i9fgm.xyz/ge07/www.giyztm.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameriexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://www.ocockbowerlybrawer.cfd/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://www.ehkd.top/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://www.giyztm.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://www.6282.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://www.6282.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://www.f7y2i9fgm.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://www.ocockbowerlybrawer.cfdexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://www.giyztm.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://wns.windows.com/eexplorer.exe, 00000005.00000003.2979291022.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2144111373.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563935093.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://www.hemicans.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://www.oal-ahzgwo.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://www.ecurityemployment.today/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://www.sfmoreservicesllc.lat/ge07/www.ecurityemployment.todayexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://www.ound-omagf.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://www.hemicans.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      http://www.hemicans.xyz/ge07/www.f7y2i9fgm.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&ocexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://www.9net88.net/ge07/www.ound-omagf.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              http://www.rasko.net/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                http://www.ehkd.topexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://www.6282.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    http://www.sfmoreservicesllc.latReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://www.roduct-xgky.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://www.ocockbowerlybrawer.cfd/ge07/www.hqm-during.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://android.notify.windows.com/iOSexplorer.exe, 00000005.00000000.2148059498.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://outlook.comeexplorer.exe, 00000005.00000000.2148059498.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000C08C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981137973.000000000C08C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://www.rasko.netReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://www.hqm-during.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000005.00000003.2979291022.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2144111373.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563935093.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://www.f7y2i9fgm.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    http://www.oal-ahzgwo.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://www.onsfskfsmpfssfpewqdsawqe.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://www.ecurityemployment.todayexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://www.giyztm.xyz/ge07/www.ocockbowerlybrawer.cfdexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://www.6282.xyz/ge07/www.hemicans.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://www.roduct-xgky.xyz/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://api.msn.com/Iexplorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    http://www.9net88.netReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://schemas.microexplorer.exe, 00000005.00000000.2142359061.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.2142341594.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.2138425135.00000000028A0000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://www.sfmoreservicesllc.latexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        http://www.onsfskfsmpfssfpewqdsawqe.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          http://www.9net88.net/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            http://www.rasko.netexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              http://www.sfmoreservicesllc.lat/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://www.onsfskfsmpfssfpewqdsawqe.xyz/ge07/www.oal-ahzgwo.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  		unknown
                                                                                                                                                  http://www.ehkd.top/ge07/www.6282.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    http://www.ocockbowerlybrawer.cfdReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      http://www.hqm-during.xyz/ge07/explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.ound-omagf.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://www.ridesmaidgiftsboutiqueki.shopReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            http://www.ehkd.topReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              http://www.giyztm.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-hexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  http://www.ridesmaidgiftsboutiqueki.shopexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-quexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://www.ecurityemployment.todayReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://www.f7y2i9fgm.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://www.hqm-during.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://www.ridesmaidgiftsboutiqueki.shop/ge07/www.roduct-xgky.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              http://www.oal-ahzgwo.xyz/ge07/www.rasko.netexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhzexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://excel.office.com-explorer.exe, 00000005.00000000.2148059498.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000C08C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981137973.000000000C08C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgexplorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-darkexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        http://www.ecurityemployment.today/ge07/www.onsfskfsmpfssfpewqdsawqe.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AAexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            http://www.onsfskfsmpfssfpewqdsawqe.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              http://www.ound-omagf.xyz/ge07/www.sfmoreservicesllc.latexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-cexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  http://www.ridesmaidgiftsboutiqueki.shop/ge07/explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    http://www.oal-ahzgwo.xyzReferer:explorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reveexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://www.9net88.netexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                          https://powerpoint.office.comEMdexplorer.exe, 00000005.00000000.2148059498.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4569767529.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            http://www.rasko.net/ge07/www.ehkd.topexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nationexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                http://www.roduct-xgky.xyzexplorer.exe, 00000005.00000003.3075329451.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2982536466.000000000C4B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2981060978.000000000C49A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4570976164.000000000C49C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                  https://api.msn.com/explorer.exe, 00000005.00000000.2143452239.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4563193761.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                  https://www.msn.com:443/en-us/feedexplorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-explorer.exe, 00000005.00000002.4561072756.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.2141349802.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		unknown

                                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                      199.59.243.227
                                                                                                                                                                                                                      		94950.bodis.comUnited States
                                                                                                                                                                                                                      		395082BODIS-NJUStrue

                                                                                                                                                                                                                      General Information

                                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                      Analysis ID:1540277
                                                                                                                                                                                                                      Start date and time:2024-10-23 16:34:07 +02:00
                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                      Overall analysis duration:0h 10m 51s
                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                      Number of analysed new started processes analysed:13
                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                      Number of injected processes analysed:1
                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                      Sample name:Invoice & Packing list For Sea Shipment.exe
                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                      Classification:mal100.troj.evad.winEXE@275/1@12/1
                                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                                      • Number of executed functions: 38
                                                                                                                                                                                                                      • Number of non-executed functions: 318
                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                      • VT rate limit hit for: Invoice & Packing list For Sea Shipment.exe

                                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                                      10:34:59API Interceptor6741960x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                                      10:35:41API Interceptor5925241x Sleep call for process: NETSTAT.EXE modified

                                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                                      IPs

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      199.59.243.227Invoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.9net88.net/ge07/?FXT8AF=2dkTOn9Hj2ox&T8itM8U=rInKjcO63u4K1THTAINFv2coOl+G9i0Xo3vzod/XDYjf3VmyXg5Nkxs22tPZEr4Tl6UO
                                                                                                                                                                                                                      COMMERCAIL INVOICE AND DHL AWB TRACKING DETAIL.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.solidarity.rocks/hezo/
                                                                                                                                                                                                                      Invoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.9net88.net/ge07/?Qzr=Llspyx1H8n00&anM=rInKjcO63u4K1THTAINFv2coOl+G9i0Xo3vzod/XDYjf3VmyXg5Nkxs22uj/DqErob1VpJkZnQ==
                                                                                                                                                                                                                      zamowienie.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                      • www.gold-rates.online/rod1/
                                                                                                                                                                                                                      PO1268931024 - Bank Slip.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                      • www.rebel.tienda/7n9v/
                                                                                                                                                                                                                      rHSBCBank_Paymentswiftcpy.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.donante-de-ovulos.biz/g3wl/
                                                                                                                                                                                                                      Halkbank_Ekstre_20230426_075819_154055.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.online-dating28.xyz/xl8n/
                                                                                                                                                                                                                      Re property pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.662-home-nb.shop/axh7/
                                                                                                                                                                                                                      #U8a02#U55ae#U63cf#U8ff0.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • www.notepad.mobi/4q0m/
                                                                                                                                                                                                                      jOAcln1aPL.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • hb-drye.com/cpanel/panel/uploads/Jpnisg.pdf

                                                                                                                                                                                                                      Domains

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      94950.bodis.comInvoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      Invoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      OVERDUE BALANCE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      PO23100072.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      PO-000001488.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      Enquiry.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      Amended Proforma #U2013 SMWD5043.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      RECIEPT.PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      LgzpILNkS2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.226
                                                                                                                                                                                                                      PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.226
                                                                                                                                                                                                                      www.rasko.netInvoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 89.184.73.149
                                                                                                                                                                                                                      Invoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 89.184.73.149

                                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      BODIS-NJUSInvoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      6 654398.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      COMMERCAIL INVOICE AND DHL AWB TRACKING DETAIL.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      Invoice Packing list For Sea Shipment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      zamowienie.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      PO1268931024 - Bank Slip.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      rHSBCBank_Paymentswiftcpy.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      Halkbank_Ekstre_20230426_075819_154055.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      Re property pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227
                                                                                                                                                                                                                      #U8a02#U55ae#U63cf#U8ff0.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 199.59.243.227

                                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\iodization

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):189440
                                                                                                                                                                                                                      Entropy (8bit):7.7911912545380675
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:5DWaCDgh7i1hAQ78r4KJJQASc+LaGMvnm/OYJjJsapoSt83u+Dinn8D/fqki:JWR1hAlr4KJJHJe2YliG8e+DqnObi
                                                                                                                                                                                                                      MD5:5DDE458741882865D67AAD4FED3EE7E3
                                                                                                                                                                                                                      SHA1:8618ED1F0401AC9B0EFACF79C8A4CE1AB671AFC2
                                                                                                                                                                                                                      SHA-256:7FD3FD60BCEFC897358C4BD72569F1927E18C1D3F2B0DDE54BA38A1BE754D29B
                                                                                                                                                                                                                      SHA-512:2C1E5CDD0A2CFD0F825C66171864152EEFE790EA7A5BF70A4D91FAF9C669B666DE5E8A41C658DD25D341187EA638354F46C76E152FF8874CF55D6F116EBA29A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:.kq..J19L...8.....LO....MY..LL7E14NQJ19LL7E14NQJ19LL7E14NQ.19LB(.?4.X...M..de\'"jAK#+E$\.-0$_V8lU .F;?jXWl.x..Y!5/.4AF.E14NQJ1..D..R...W...Q..4..._..7....7..9....W..8)Y..*.E14NQJ19LL7E14NQ.t9L.6D1.8.19LL7E14.QH02MF7E.6NQJ19LL7EA.OQJ!9LL.G14N.J1)LL7G14KQK19LL7@15NQJ19L.5E16NQJ19LN7..4NAJ1)LL7E!4NAJ19LL7U14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7kEQ6%J19..5E1$NQJ.;LL'E14NQJ19LL7E14nQJQ9LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL7E14NQJ19LL

                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Entropy (8bit):7.331631363187984
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                                                                                                                                                                      • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                      File name:Invoice & Packing list For Sea Shipment.exe
                                                                                                                                                                                                                      File size:1'085'795 bytes
                                                                                                                                                                                                                      MD5:c1bca0dbb6e614a1f38efdba926db82d
                                                                                                                                                                                                                      SHA1:94addf2011056281afcd7425657d76e760d77bad
                                                                                                                                                                                                                      SHA256:1ae734d22270bb261f984838e51a77bc5f32be08ac895157ac2691d042fa6dc3
                                                                                                                                                                                                                      SHA512:f87413ff19892c14bca5089a9bb183fd10aad25c87effcccc0c0d1b46cdf5b724a487580cf55e08cf0c2b15f060ac3ea3e0a9fb144559b68cddf2d9c62a13956
                                                                                                                                                                                                                      SSDEEP:24576:ffmMv6Ckr7Mny5QLiIuTVm4iGEvDuOPcg0B:f3v+7/5QLoTVoGb
                                                                                                                                                                                                                      TLSH:2035E112B7D680F6D9A33971193BE32BEB3575194323C48BA7E02F779E211405B3A762
                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........

                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                      Icon Hash:1733312925935517

                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Entrypoint:0x416310
                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                      Import Hash:aaaa8913c89c8aa4a5d93f06853894da

                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                      call 00007FD0DC4D837Ch
                                                                                                                                                                                                                      jmp 00007FD0DC4CC14Eh
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      mov esi, dword ptr [ebp+0Ch]
                                                                                                                                                                                                                      mov ecx, dword ptr [ebp+10h]
                                                                                                                                                                                                                      mov edi, dword ptr [ebp+08h]
                                                                                                                                                                                                                      mov eax, ecx
                                                                                                                                                                                                                      mov edx, ecx
                                                                                                                                                                                                                      add eax, esi
                                                                                                                                                                                                                      cmp edi, esi
                                                                                                                                                                                                                      jbe 00007FD0DC4CC2DAh
                                                                                                                                                                                                                      cmp edi, eax
                                                                                                                                                                                                                      jc 00007FD0DC4CC47Ah
                                                                                                                                                                                                                      cmp ecx, 00000100h
                                                                                                                                                                                                                      jc 00007FD0DC4CC2F1h
                                                                                                                                                                                                                      cmp dword ptr [004A94E0h], 00000000h
                                                                                                                                                                                                                      je 00007FD0DC4CC2E8h
                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      and edi, 0Fh
                                                                                                                                                                                                                      and esi, 0Fh
                                                                                                                                                                                                                      cmp edi, esi
                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                      pop edi
                                                                                                                                                                                                                      jne 00007FD0DC4CC2DAh
                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                      pop edi
                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                      jmp 00007FD0DC4CC73Ah
                                                                                                                                                                                                                      test edi, 00000003h
                                                                                                                                                                                                                      jne 00007FD0DC4CC2E7h
                                                                                                                                                                                                                      shr ecx, 02h
                                                                                                                                                                                                                      and edx, 03h
                                                                                                                                                                                                                      cmp ecx, 08h
                                                                                                                                                                                                                      jc 00007FD0DC4CC2FCh
                                                                                                                                                                                                                      rep movsd
                                                                                                                                                                                                                      jmp dword ptr [00416494h+edx*4]
                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                      mov eax, edi
                                                                                                                                                                                                                      mov edx, 00000003h
                                                                                                                                                                                                                      sub ecx, 04h
                                                                                                                                                                                                                      jc 00007FD0DC4CC2DEh
                                                                                                                                                                                                                      and eax, 03h
                                                                                                                                                                                                                      add ecx, eax
                                                                                                                                                                                                                      jmp dword ptr [004163A8h+eax*4]
                                                                                                                                                                                                                      jmp dword ptr [004164A4h+ecx*4]
                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                      jmp dword ptr [00416428h+ecx*4]
                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                      mov eax, E4004163h
                                                                                                                                                                                                                      arpl word ptr [ecx+00h], ax
                                                                                                                                                                                                                      or byte ptr [ecx+eax*2+00h], ah
                                                                                                                                                                                                                      and edx, ecx
                                                                                                                                                                                                                      mov al, byte ptr [esi]
                                                                                                                                                                                                                      mov byte ptr [edi], al
                                                                                                                                                                                                                      mov al, byte ptr [esi+01h]
                                                                                                                                                                                                                      mov byte ptr [edi+01h], al
                                                                                                                                                                                                                      mov al, byte ptr [esi+02h]
                                                                                                                                                                                                                      shr ecx, 02h
                                                                                                                                                                                                                      mov byte ptr [edi+02h], al
                                                                                                                                                                                                                      add esi, 03h
                                                                                                                                                                                                                      add edi, 03h
                                                                                                                                                                                                                      cmp ecx, 08h
                                                                                                                                                                                                                      jc 00007FD0DC4CC29Eh

                                                                                                                                                                                                                      Rich Headers

                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                      • [ASM] VS2008 SP1 build 30729
                                                                                                                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                      • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                                                      • [ C ] VS2005 build 50727
                                                                                                                                                                                                                      • [IMP] VS2005 build 50727
                                                                                                                                                                                                                      • [ASM] VS2008 build 21022
                                                                                                                                                                                                                      • [RES] VS2008 build 21022
                                                                                                                                                                                                                      • [LNK] VS2008 SP1 build 30729

                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x8cd3c0x154.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xab0000x9298.rsrc
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x820000x840.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                      .text0x10000x800170x802006c20c6bf686768b6f134f5bd508171bcFalse0.5602991615853659data6.634688230255595IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .rdata0x820000xd95c0xda00f979966509a93083729d23cdfd2a6f2dFalse0.36256450688073394data4.880040824124099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .data0x900000x1a5180x6800e5d77411f751d28c6eee48a743606795False0.1600060096153846data2.2017649896261107IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                      .rsrc0xab0000x92980x9400f6be76de0ef2c68f397158bf01bdef3eFalse0.4896801097972973data5.530303089784181IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                      RT_ICON0xab5c80x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                                                                                                                                                      RT_ICON0xab6f00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                                                                                                                                                      RT_ICON0xab8180x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                                                                                                                                                      RT_ICON0xab9400x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishGreat Britain0.48109756097560974
                                                                                                                                                                                                                      RT_ICON0xabfa80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishGreat Britain0.5672043010752689
                                                                                                                                                                                                                      RT_ICON0xac2900x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishGreat Britain0.6418918918918919
                                                                                                                                                                                                                      RT_ICON0xac3b80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishGreat Britain0.7044243070362474
                                                                                                                                                                                                                      RT_ICON0xad2600x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishGreat Britain0.8077617328519856
                                                                                                                                                                                                                      RT_ICON0xadb080x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishGreat Britain0.5903179190751445
                                                                                                                                                                                                                      RT_ICON0xae0700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishGreat Britain0.5503112033195021
                                                                                                                                                                                                                      RT_ICON0xb06180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishGreat Britain0.6050656660412758
                                                                                                                                                                                                                      RT_ICON0xb16c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishGreat Britain0.7553191489361702
                                                                                                                                                                                                                      RT_MENU0xb1b280x50dataEnglishGreat Britain0.9
                                                                                                                                                                                                                      RT_DIALOG0xb1b780xfcdataEnglishGreat Britain0.6507936507936508
                                                                                                                                                                                                                      RT_STRING0xb1c780x530dataEnglishGreat Britain0.33960843373493976
                                                                                                                                                                                                                      RT_STRING0xb21a80x690dataEnglishGreat Britain0.26964285714285713
                                                                                                                                                                                                                      RT_STRING0xb28380x43adataEnglishGreat Britain0.3733826247689464
                                                                                                                                                                                                                      RT_STRING0xb2c780x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                                                                                                      RT_STRING0xb32780x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                                                                                                      RT_STRING0xb38d80x388dataEnglishGreat Britain0.377212389380531
                                                                                                                                                                                                                      RT_STRING0xb3c600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.502906976744186
                                                                                                                                                                                                                      RT_GROUP_ICON0xb3db80x84dataEnglishGreat Britain0.6439393939393939
                                                                                                                                                                                                                      RT_GROUP_ICON0xb3e400x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                      RT_GROUP_ICON0xb3e580x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                      RT_GROUP_ICON0xb3e700x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                      RT_VERSION0xb3e880x19cdataEnglishGreat Britain0.5339805825242718
                                                                                                                                                                                                                      RT_MANIFEST0xb40280x26cASCII text, with CRLF line terminatorsEnglishUnited States0.5145161290322581

                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                      WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
                                                                                                                                                                                                                      VERSION.dllVerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                      WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                      COMCTL32.dllImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
                                                                                                                                                                                                                      MPR.dllWNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
                                                                                                                                                                                                                      WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
                                                                                                                                                                                                                      PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
                                                                                                                                                                                                                      USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
                                                                                                                                                                                                                      KERNEL32.dllHeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
                                                                                                                                                                                                                      USER32.dllSetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
                                                                                                                                                                                                                      GDI32.dllDeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
                                                                                                                                                                                                                      COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                      ADVAPI32.dllRegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
                                                                                                                                                                                                                      SHELL32.dllDragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                                                                                                                                                      ole32.dllOleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
                                                                                                                                                                                                                      OLEAUT32.dllSafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData

                                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                      EnglishGreat Britain
                                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                      2024-10-23T16:36:16.758074+02002031412ET MALWARE FormBook CnC Checkin (GET)1192.168.2.650004199.59.243.22780TCP
                                                                                                                                                                                                                      2024-10-23T16:36:16.758074+02002031449ET MALWARE FormBook CnC Checkin (GET)1192.168.2.650004199.59.243.22780TCP
                                                                                                                                                                                                                      2024-10-23T16:36:16.758074+02002031453ET MALWARE FormBook CnC Checkin (GET)1192.168.2.650004199.59.243.22780TCP
                                                                                                                                                                                                                      2024-10-23T16:38:19.553919+02002031412ET MALWARE FormBook CnC Checkin (GET)1192.168.2.65000989.184.73.14980TCP
                                                                                                                                                                                                                      2024-10-23T16:38:19.553919+02002031449ET MALWARE FormBook CnC Checkin (GET)1192.168.2.65000989.184.73.14980TCP
                                                                                                                                                                                                                      2024-10-23T16:38:19.553919+02002031453ET MALWARE FormBook CnC Checkin (GET)1192.168.2.65000989.184.73.14980TCP
                                                                                                                                                                                                                      2024-10-23T16:39:00.926521+02002031412ET MALWARE FormBook CnC Checkin (GET)1192.168.2.650010156.235.1.3080TCP
                                                                                                                                                                                                                      2024-10-23T16:39:00.926521+02002031449ET MALWARE FormBook CnC Checkin (GET)1192.168.2.650010156.235.1.3080TCP
                                                                                                                                                                                                                      2024-10-23T16:39:00.926521+02002031453ET MALWARE FormBook CnC Checkin (GET)1192.168.2.650010156.235.1.3080TCP

                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.207850933 CEST5000480192.168.2.6199.59.243.227
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.214282990 CEST8050004199.59.243.227192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.214390993 CEST5000480192.168.2.6199.59.243.227
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.214505911 CEST5000480192.168.2.6199.59.243.227
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.220433950 CEST8050004199.59.243.227192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.751575947 CEST5000480192.168.2.6199.59.243.227
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.757471085 CEST8050004199.59.243.227192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.758074045 CEST5000480192.168.2.6199.59.243.227

                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Oct 23, 2024 16:35:36.025554895 CEST6552653192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:35:36.036293983 CEST53655261.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:35:56.947191000 CEST6424353192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:35:56.958662033 CEST53642431.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.134422064 CEST5761153192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.207127094 CEST53576111.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:36:36.478579044 CEST5895653192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:36:36.504333019 CEST53589561.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:36:56.869075060 CEST5286253192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:36:56.879426956 CEST53528621.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:37:17.619652033 CEST6213153192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:37:17.629996061 CEST53621311.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:37:38.182090998 CEST6150053192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:37:38.210541964 CEST53615001.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:37:58.541084051 CEST4998253192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:37:58.551877022 CEST53499821.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:38:18.884700060 CEST6067253192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:38:18.930273056 CEST53606721.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:38:39.228564978 CEST6210753192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:38:39.529831886 CEST53621071.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:38:59.787380934 CEST6222753192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:39:00.248538017 CEST53622271.1.1.1192.168.2.6
                                                                                                                                                                                                                      Oct 23, 2024 16:39:20.743801117 CEST5923353192.168.2.61.1.1.1
                                                                                                                                                                                                                      Oct 23, 2024 16:39:20.754220963 CEST53592331.1.1.1192.168.2.6

                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                      Oct 23, 2024 16:35:36.025554895 CEST192.168.2.61.1.1.10x31abStandard query (0)www.ridesmaidgiftsboutiqueki.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:35:56.947191000 CEST192.168.2.61.1.1.10xb6efStandard query (0)www.roduct-xgky.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.134422064 CEST192.168.2.61.1.1.10x834bStandard query (0)www.9net88.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:36.478579044 CEST192.168.2.61.1.1.10xef04Standard query (0)www.ound-omagf.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:56.869075060 CEST192.168.2.61.1.1.10x98f2Standard query (0)www.sfmoreservicesllc.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:37:17.619652033 CEST192.168.2.61.1.1.10xdf6aStandard query (0)www.ecurityemployment.todayA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:37:38.182090998 CEST192.168.2.61.1.1.10x1bd8Standard query (0)www.onsfskfsmpfssfpewqdsawqe.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:37:58.541084051 CEST192.168.2.61.1.1.10x133bStandard query (0)www.oal-ahzgwo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:38:18.884700060 CEST192.168.2.61.1.1.10x992fStandard query (0)www.rasko.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:38:39.228564978 CEST192.168.2.61.1.1.10xbadeStandard query (0)www.ehkd.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:38:59.787380934 CEST192.168.2.61.1.1.10x9a9bStandard query (0)www.6282.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:39:20.743801117 CEST192.168.2.61.1.1.10xeabaStandard query (0)www.hemicans.xyzA (IP address)IN (0x0001)false

                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                      Oct 23, 2024 16:35:36.036293983 CEST1.1.1.1192.168.2.60x31abName error (3)www.ridesmaidgiftsboutiqueki.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:35:56.958662033 CEST1.1.1.1192.168.2.60xb6efName error (3)www.roduct-xgky.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.207127094 CEST1.1.1.1192.168.2.60x834bNo error (0)www.9net88.net94950.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.207127094 CEST1.1.1.1192.168.2.60x834bNo error (0)94950.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:36.504333019 CEST1.1.1.1192.168.2.60xef04Name error (3)www.ound-omagf.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:36:56.879426956 CEST1.1.1.1192.168.2.60x98f2Name error (3)www.sfmoreservicesllc.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:37:17.629996061 CEST1.1.1.1192.168.2.60xdf6aName error (3)www.ecurityemployment.todaynonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:37:38.210541964 CEST1.1.1.1192.168.2.60x1bd8Name error (3)www.onsfskfsmpfssfpewqdsawqe.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:37:58.551877022 CEST1.1.1.1192.168.2.60x133bName error (3)www.oal-ahzgwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:38:18.930273056 CEST1.1.1.1192.168.2.60x992fNo error (0)www.rasko.net89.184.73.149A (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:38:39.529831886 CEST1.1.1.1192.168.2.60xbadeName error (3)www.ehkd.topnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:39:00.248538017 CEST1.1.1.1192.168.2.60x9a9bNo error (0)www.6282.xyz156.235.1.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Oct 23, 2024 16:39:20.754220963 CEST1.1.1.1192.168.2.60xeabaName error (3)www.hemicans.xyznonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                      • www.9net88.net

                                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      0192.168.2.650004199.59.243.227804004C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Oct 23, 2024 16:36:16.214505911 CEST172OUTGET /ge07/?XRA4Dv_0=rInKjcO63u4K1THTAINFv2coOl+G9i0Xo3vzod/XDYjf3VmyXg5Nkxs22ujGcbkomNpSpJke0g==&DVld2=Ybu8dZf0 HTTP/1.1
                                                                                                                                                                                                                      Host: www.9net88.net
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                      Data Ascii:


                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                      Start time:10:34:56
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe"
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      File size:1'085'795 bytes
                                                                                                                                                                                                                      MD5 hash:C1BCA0DBB6E614A1F38EFDBA926DB82D
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.2130897961.0000000001280000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                      Start time:10:34:57
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe"
                                                                                                                                                                                                                      Imagebase:0x20000
                                                                                                                                                                                                                      File size:46'504 bytes
                                                                                                                                                                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2196656517.0000000002DD0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2196242890.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2196748383.0000000003040000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                      Start time:10:34:59
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                      Imagebase:0x7ff609140000
                                                                                                                                                                                                                      File size:5'141'208 bytes
                                                                                                                                                                                                                      MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000005.00000002.4571837809.000000001027D000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                      Start time:10:35:02
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\autoconv.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\SysWOW64\autoconv.exe"
                                                                                                                                                                                                                      Imagebase:0xbe0000
                                                                                                                                                                                                                      File size:842'752 bytes
                                                                                                                                                                                                                      MD5 hash:A705C2ACED7DDB71AFB87C4ED384BED6
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                      Start time:10:35:02
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Windows\SysWOW64\NETSTAT.EXE"
                                                                                                                                                                                                                      Imagebase:0x110000
                                                                                                                                                                                                                      File size:32'768 bytes
                                                                                                                                                                                                                      MD5 hash:9DB170ED520A6DD57B5AC92EC537368A
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.4558314970.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.4558387669.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.4558149677.0000000002350000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                      Start time:10:35:05
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:/c del "C:\Windows\SysWOW64\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                      Start time:10:35:05
                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff7ebd50000
                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:2.9%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:2.4%
                                                                                                                                                                                                                        Signature Coverage:5%
                                                                                                                                                                                                                        Total number of Nodes:1412
                                                                                                                                                                                                                        Total number of Limit Nodes:35
                                                                                                                                                                                                                        execution_graph 84645 4444e4 84650 40d900 84645->84650 84647 4444ee 84654 43723d 84647->84654 84649 444504 84651 40d917 84650->84651 84652 40d909 84650->84652 84651->84652 84653 40d91c CloseHandle 84651->84653 84652->84647 84653->84647 84655 40d900 CloseHandle 84654->84655 84656 437247 ctype 84655->84656 84656->84649 84919 40f110 RegOpenKeyExW 84920 40f13c RegQueryValueExW RegCloseKey 84919->84920 84921 40f15f 84919->84921 84920->84921 84922 429212 84927 410b90 84922->84927 84925 411421 __cinit 74 API calls 84926 42922f 84925->84926 84928 410b9a __write_nolock 84927->84928 84929 41171a 75 API calls 84928->84929 84930 410c31 GetModuleFileNameW 84929->84930 84944 413db0 84930->84944 84932 410c66 _wcsncat 84947 413e3c 84932->84947 84935 41171a 75 API calls 84936 410ca3 _wcscpy 84935->84936 84937 410cd1 RegOpenKeyExW 84936->84937 84938 429bc3 RegQueryValueExW 84937->84938 84939 410cf7 84937->84939 84940 429cd9 RegCloseKey 84938->84940 84942 429bf2 _wcscat _wcslen _wcsncpy 84938->84942 84939->84925 84941 41171a 75 API calls 84941->84942 84942->84941 84943 429cd8 84942->84943 84943->84940 84950 413b95 84944->84950 84980 41abec 84947->84980 84951 413c2f 84950->84951 84957 413bae 84950->84957 84952 413d60 84951->84952 84953 413d7b 84951->84953 84976 417f23 67 API calls __getptd_noexit 84952->84976 84978 417f23 67 API calls __getptd_noexit 84953->84978 84956 413d65 84961 413cfb 84956->84961 84977 417ebb 6 API calls 2 library calls 84956->84977 84957->84951 84966 413c1d 84957->84966 84972 41ab19 67 API calls _ftell 84957->84972 84960 413d03 84960->84951 84960->84961 84963 413d8e 84960->84963 84961->84932 84962 413cb9 84962->84951 84964 413cd6 84962->84964 84974 41ab19 67 API calls _ftell 84962->84974 84979 41ab19 67 API calls _ftell 84963->84979 84964->84951 84964->84961 84968 413cef 84964->84968 84966->84951 84971 413c9b 84966->84971 84973 41ab19 67 API calls _ftell 84966->84973 84975 41ab19 67 API calls _ftell 84968->84975 84971->84960 84971->84962 84972->84966 84973->84971 84974->84964 84975->84961 84976->84956 84978->84956 84979->84961 84981 41ac02 84980->84981 84982 41abfd 84980->84982 84989 417f23 67 API calls __getptd_noexit 84981->84989 84982->84981 84988 41ac22 84982->84988 84984 41ac07 84990 417ebb 6 API calls 2 library calls 84984->84990 84987 410c99 84987->84935 84988->84987 84991 417f23 67 API calls __getptd_noexit 84988->84991 84989->84984 84991->84984 84992 409030 85006 409110 117 API calls 84992->85006 84994 42ceb6 85016 410ae0 VariantClear ctype 84994->85016 84996 42cebf 84997 40906e 84997->84994 84998 42cea9 84997->84998 85000 4090a4 84997->85000 85015 45e62e 116 API calls 3 library calls 84998->85015 85007 404160 85000->85007 85003 4090f0 ctype 85004 4092c0 VariantClear 85005 4090be ctype 85004->85005 85005->85003 85005->85004 85006->84997 85008 4092c0 VariantClear 85007->85008 85009 40416e 85008->85009 85017 404120 85009->85017 85011 40419b 85021 40efe0 85011->85021 85029 4734b7 85011->85029 85012 4041c6 85012->84994 85012->85005 85015->84994 85016->84996 85018 40412e 85017->85018 85019 4092c0 VariantClear 85018->85019 85020 404138 85019->85020 85020->85011 85022 40eff5 CreateFileW 85021->85022 85023 4299bf 85021->85023 85024 40f017 85022->85024 85023->85024 85025 4299c4 CreateFileW 85023->85025 85024->85012 85025->85024 85026 4299ea 85025->85026 85071 40e0d0 SetFilePointerEx SetFilePointerEx 85026->85071 85028 4299f5 85028->85024 85030 453063 111 API calls 85029->85030 85031 4734d7 85030->85031 85032 473545 85031->85032 85033 47350c 85031->85033 85072 463c42 85032->85072 85034 4092c0 VariantClear 85033->85034 85040 473514 85034->85040 85036 473558 85037 47355c 85036->85037 85054 473595 85036->85054 85039 4092c0 VariantClear 85037->85039 85038 473616 85085 463d7e 85038->85085 85048 473564 85039->85048 85040->85012 85042 473622 85044 473697 85042->85044 85045 47362c 85042->85045 85043 453063 111 API calls 85043->85054 85117 457838 85044->85117 85047 4092c0 VariantClear 85045->85047 85051 473634 85047->85051 85048->85012 85051->85012 85053 473655 85056 4092c0 VariantClear 85053->85056 85054->85038 85054->85043 85054->85053 85129 462f5a 87 API calls __wcsicoll 85054->85129 85067 47365d 85056->85067 85057 4736b0 85130 45e62e 116 API calls 3 library calls 85057->85130 85058 4736c9 85131 40e7e0 76 API calls 85058->85131 85061 4736ba GetCurrentProcess TerminateProcess 85061->85058 85062 4736db 85068 4736ff 85062->85068 85132 40d030 76 API calls 85062->85132 85064 4736f1 85133 46b945 134 API calls 2 library calls 85064->85133 85067->85012 85070 473731 85068->85070 85134 40d030 76 API calls 85068->85134 85135 46b945 134 API calls 2 library calls 85068->85135 85070->85012 85071->85028 85136 45335b 76 API calls 85072->85136 85074 463c5d 85137 442c52 80 API calls _wcslen 85074->85137 85076 463c72 85084 463cac 85076->85084 85138 40c060 85076->85138 85081 463ca4 85144 40c740 85081->85144 85082 463cf7 85082->85036 85084->85082 85149 462f5a 87 API calls __wcsicoll 85084->85149 85086 453063 111 API calls 85085->85086 85087 463d99 85086->85087 85088 463de0 85087->85088 85089 463dca 85087->85089 85158 40c760 78 API calls 85088->85158 85157 453081 111 API calls 85089->85157 85092 463de7 85107 463e19 85092->85107 85159 40c760 78 API calls 85092->85159 85093 463dd0 LoadLibraryW 85094 463e09 85093->85094 85096 463e3e 85094->85096 85094->85107 85098 463e4e 85096->85098 85099 463e7b 85096->85099 85097 463dfb 85097->85107 85160 40c760 78 API calls 85097->85160 85161 40d500 75 API calls 85098->85161 85163 40c760 78 API calls 85099->85163 85103 463e57 85162 45efe7 77 API calls ctype 85103->85162 85104 463e82 GetProcAddress 85108 463e90 85104->85108 85106 463e62 GetProcAddress 85109 463e79 85106->85109 85107->85042 85108->85107 85108->85109 85109->85108 85164 403470 75 API calls _realloc 85109->85164 85111 463eb4 85165 40d500 75 API calls 85111->85165 85113 463ebd 85166 45efe7 77 API calls ctype 85113->85166 85115 463ec8 GetProcAddress 85167 401330 ctype 85115->85167 85118 457a4c 85117->85118 85124 45785f _strcat _wcslen _wcscpy ctype 85117->85124 85125 410d40 85118->85125 85119 443576 78 API calls 85119->85124 85120 40c760 78 API calls 85120->85124 85121 4138ba 67 API calls _malloc 85121->85124 85122 453081 111 API calls 85122->85124 85124->85118 85124->85119 85124->85120 85124->85121 85124->85122 85168 40f580 85124->85168 85127 410d55 85125->85127 85126 410ded VirtualProtect 85128 410dbb 85126->85128 85127->85126 85127->85128 85128->85057 85128->85058 85129->85054 85130->85061 85131->85062 85132->85064 85133->85068 85134->85068 85135->85068 85136->85074 85137->85076 85139 41171a 75 API calls 85138->85139 85140 40c088 85139->85140 85141 41171a 75 API calls 85140->85141 85142 40c096 85141->85142 85143 4608ce 75 API calls _realloc 85142->85143 85143->85081 85145 40c752 85144->85145 85146 40c747 85144->85146 85145->85084 85146->85145 85150 402ae0 85146->85150 85148 42a572 _realloc 85148->85084 85149->85082 85151 42a06a 85150->85151 85152 402aef 85150->85152 85153 401380 75 API calls 85151->85153 85152->85148 85154 42a072 85153->85154 85155 41171a 75 API calls 85154->85155 85156 42a095 _realloc 85155->85156 85156->85148 85157->85093 85158->85092 85159->85097 85160->85094 85161->85103 85162->85106 85163->85104 85164->85111 85165->85113 85166->85115 85167->85107 85169 429440 85168->85169 85170 40f589 _wcslen 85168->85170 85171 40f58f WideCharToMultiByte 85170->85171 85172 40f5d8 85171->85172 85173 40f5ad 85171->85173 85172->85124 85174 41171a 75 API calls 85173->85174 85175 40f5bb WideCharToMultiByte 85174->85175 85175->85124 85176 4034b0 85177 4034b9 85176->85177 85178 4034bd 85176->85178 85179 42a0ba 85178->85179 85180 41171a 75 API calls 85178->85180 85181 4034fe _realloc ctype 85180->85181 85182 416193 85219 41718c 85182->85219 85184 41619f GetStartupInfoW 85186 4161c2 85184->85186 85220 41aa31 HeapCreate 85186->85220 85188 416212 85222 416e29 GetModuleHandleW 85188->85222 85192 416223 __RTC_Initialize 85256 41b669 85192->85256 85195 416231 85196 41623d GetCommandLineW 85195->85196 85324 4117af 67 API calls 3 library calls 85195->85324 85271 42235f GetEnvironmentStringsW 85196->85271 85199 41623c 85199->85196 85200 41624c 85277 4222b1 GetModuleFileNameW 85200->85277 85202 416256 85203 416261 85202->85203 85325 4117af 67 API calls 3 library calls 85202->85325 85281 422082 85203->85281 85209 416272 85294 41186e 85209->85294 85210 416279 85212 416284 __wwincmdln 85210->85212 85327 4117af 67 API calls 3 library calls 85210->85327 85300 40d7f0 85212->85300 85215 4162b3 85329 411a4b 67 API calls _doexit 85215->85329 85218 4162b8 _ftell 85219->85184 85221 416206 85220->85221 85221->85188 85322 41616a 67 API calls 3 library calls 85221->85322 85223 416e44 85222->85223 85224 416e3d 85222->85224 85226 416fac 85223->85226 85227 416e4e GetProcAddress GetProcAddress GetProcAddress GetProcAddress 85223->85227 85330 41177f Sleep GetModuleHandleW 85224->85330 85340 416ad5 70 API calls 2 library calls 85226->85340 85229 416e97 TlsAlloc 85227->85229 85228 416e43 85228->85223 85232 416218 85229->85232 85233 416ee5 TlsSetValue 85229->85233 85232->85192 85323 41616a 67 API calls 3 library calls 85232->85323 85233->85232 85234 416ef6 85233->85234 85331 411a69 6 API calls 4 library calls 85234->85331 85236 416efb 85237 41696e __encode_pointer 6 API calls 85236->85237 85238 416f06 85237->85238 85239 41696e __encode_pointer 6 API calls 85238->85239 85240 416f16 85239->85240 85241 41696e __encode_pointer 6 API calls 85240->85241 85242 416f26 85241->85242 85243 41696e __encode_pointer 6 API calls 85242->85243 85244 416f36 85243->85244 85332 41828b InitializeCriticalSectionAndSpinCount __alloc_osfhnd 85244->85332 85246 416f43 85246->85226 85247 4169e9 __decode_pointer 6 API calls 85246->85247 85248 416f57 85247->85248 85248->85226 85333 416ffb 85248->85333 85251 4169e9 __decode_pointer 6 API calls 85252 416f8a 85251->85252 85252->85226 85253 416f91 85252->85253 85339 416b12 67 API calls 5 library calls 85253->85339 85255 416f99 GetCurrentThreadId 85255->85232 85359 41718c 85256->85359 85258 41b675 GetStartupInfoA 85259 416ffb __calloc_crt 67 API calls 85258->85259 85266 41b696 85259->85266 85260 41b8b4 _ftell 85260->85195 85261 41b831 GetStdHandle 85265 41b7fb 85261->85265 85262 41b896 SetHandleCount 85262->85260 85263 416ffb __calloc_crt 67 API calls 85263->85266 85264 41b843 GetFileType 85264->85265 85265->85260 85265->85261 85265->85262 85265->85264 85361 4189e6 InitializeCriticalSectionAndSpinCount _ftell 85265->85361 85266->85260 85266->85263 85266->85265 85267 41b77e 85266->85267 85267->85260 85267->85265 85268 41b7a7 GetFileType 85267->85268 85360 4189e6 InitializeCriticalSectionAndSpinCount _ftell 85267->85360 85268->85267 85272 422370 85271->85272 85273 422374 85271->85273 85272->85200 85274 416fb6 __malloc_crt 67 API calls 85273->85274 85276 422395 _realloc 85274->85276 85275 42239c FreeEnvironmentStringsW 85275->85200 85276->85275 85278 4222e6 _wparse_cmdline 85277->85278 85279 416fb6 __malloc_crt 67 API calls 85278->85279 85280 422329 _wparse_cmdline 85278->85280 85279->85280 85280->85202 85282 42209a _wcslen 85281->85282 85286 416267 85281->85286 85283 416ffb __calloc_crt 67 API calls 85282->85283 85289 4220be _wcslen 85283->85289 85284 422123 85285 413a88 __freefls@4 67 API calls 85284->85285 85285->85286 85286->85209 85326 4117af 67 API calls 3 library calls 85286->85326 85287 416ffb __calloc_crt 67 API calls 85287->85289 85288 422149 85290 413a88 __freefls@4 67 API calls 85288->85290 85289->85284 85289->85286 85289->85287 85289->85288 85292 422108 85289->85292 85362 426349 67 API calls _ftell 85289->85362 85290->85286 85292->85289 85363 417d93 10 API calls 3 library calls 85292->85363 85295 41187c __IsNonwritableInCurrentImage 85294->85295 85364 418486 85295->85364 85297 41189a __initterm_e 85298 411421 __cinit 74 API calls 85297->85298 85299 4118b9 __IsNonwritableInCurrentImage __initterm 85297->85299 85298->85299 85299->85210 85301 431bcb 85300->85301 85302 40d80c 85300->85302 85303 4092c0 VariantClear 85302->85303 85304 40d847 85303->85304 85368 40eb50 85304->85368 85309 40d888 85372 411b24 67 API calls _ftell 85309->85372 85311 40d877 85371 411ac6 67 API calls 4 library calls 85311->85371 85312 40d891 85373 40f370 SystemParametersInfoW SystemParametersInfoW 85312->85373 85314 40d89f 85374 40d6d0 GetCurrentDirectoryW 85314->85374 85316 40d8a7 SystemParametersInfoW 85317 40d8cd 85316->85317 85318 4092c0 VariantClear 85317->85318 85319 40d8dd 85318->85319 85320 4092c0 VariantClear 85319->85320 85321 40d8e6 85320->85321 85321->85215 85328 411a1f 67 API calls _doexit 85321->85328 85322->85188 85323->85192 85324->85199 85325->85203 85326->85209 85327->85212 85328->85215 85329->85218 85330->85228 85331->85236 85332->85246 85334 417004 85333->85334 85336 416f70 85334->85336 85337 417022 Sleep 85334->85337 85341 422452 85334->85341 85336->85226 85336->85251 85338 417037 85337->85338 85338->85334 85338->85336 85339->85255 85340->85232 85342 42245e _ftell 85341->85342 85343 422476 85342->85343 85353 422495 _memset 85342->85353 85354 417f23 67 API calls __getptd_noexit 85343->85354 85345 42247b 85355 417ebb 6 API calls 2 library calls 85345->85355 85347 422507 HeapAlloc 85347->85353 85348 42248b _ftell 85348->85334 85350 418407 __lock 66 API calls 85350->85353 85353->85347 85353->85348 85353->85350 85356 41a74c 5 API calls 2 library calls 85353->85356 85357 42254e LeaveCriticalSection _doexit 85353->85357 85358 411afc 6 API calls __decode_pointer 85353->85358 85354->85345 85356->85353 85357->85353 85358->85353 85359->85258 85360->85267 85361->85265 85362->85289 85363->85292 85365 41848c 85364->85365 85366 41696e __encode_pointer 6 API calls 85365->85366 85367 4184a4 85365->85367 85366->85365 85367->85297 85412 40eb70 85368->85412 85371->85309 85372->85312 85373->85314 85416 401f80 85374->85416 85376 40d6f1 IsDebuggerPresent 85377 431a9d MessageBoxA 85376->85377 85378 40d6ff 85376->85378 85379 431ab6 85377->85379 85378->85379 85380 40d71f 85378->85380 85518 403e90 75 API calls 3 library calls 85379->85518 85486 40f3b0 85380->85486 85384 40d73a GetFullPathNameW 85516 401440 127 API calls _wcscat 85384->85516 85386 40d77a 85387 40d782 85386->85387 85389 431b09 SetCurrentDirectoryW 85386->85389 85388 40d78b 85387->85388 85519 43604b 6 API calls 85387->85519 85498 4101f0 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 85388->85498 85389->85387 85393 431b28 85393->85388 85394 431b30 GetModuleFileNameW 85393->85394 85396 431ba4 GetForegroundWindow ShellExecuteW 85394->85396 85397 431b4c 85394->85397 85400 40d7c7 85396->85400 85520 401b70 85397->85520 85398 40d795 85406 40d7a8 85398->85406 85506 40e1e0 85398->85506 85404 40d7d1 SetCurrentDirectoryW 85400->85404 85404->85316 85405 431b66 85527 40d3b0 75 API calls 2 library calls 85405->85527 85406->85400 85517 401000 Shell_NotifyIconW _memset 85406->85517 85409 431b72 GetForegroundWindow ShellExecuteW 85410 431b9f 85409->85410 85410->85400 85411 40eba0 LoadLibraryA GetProcAddress 85411->85311 85413 40d86e 85412->85413 85414 40eb76 LoadLibraryA 85412->85414 85413->85311 85413->85411 85414->85413 85415 40eb87 GetProcAddress 85414->85415 85415->85413 85528 40e680 85416->85528 85420 401fa2 GetModuleFileNameW 85546 40ff90 85420->85546 85422 401fbd 85558 4107b0 85422->85558 85425 401b70 75 API calls 85426 401fe4 85425->85426 85561 4019e0 85426->85561 85428 401ff2 85429 4092c0 VariantClear 85428->85429 85430 402002 85429->85430 85431 401b70 75 API calls 85430->85431 85432 40201c 85431->85432 85433 4019e0 76 API calls 85432->85433 85434 40202c 85433->85434 85435 401b70 75 API calls 85434->85435 85436 40203c 85435->85436 85569 40c3e0 85436->85569 85438 40204d 85439 40c060 75 API calls 85438->85439 85440 402061 85439->85440 85587 401a70 85440->85587 85442 40206e 85594 4115d0 85442->85594 85445 42c174 85447 401a70 75 API calls 85445->85447 85446 402088 85448 4115d0 __wcsicoll 79 API calls 85446->85448 85449 42c189 85447->85449 85450 402093 85448->85450 85452 401a70 75 API calls 85449->85452 85450->85449 85451 40209e 85450->85451 85453 4115d0 __wcsicoll 79 API calls 85451->85453 85454 42c1a7 85452->85454 85455 4020a9 85453->85455 85456 42c1b0 GetModuleFileNameW 85454->85456 85455->85456 85457 4020b4 85455->85457 85459 401a70 75 API calls 85456->85459 85458 4115d0 __wcsicoll 79 API calls 85457->85458 85460 4020bf 85458->85460 85461 42c1e2 85459->85461 85462 402107 85460->85462 85465 42c20a _wcscpy 85460->85465 85468 401a70 75 API calls 85460->85468 85606 40df50 75 API calls 85461->85606 85464 402119 85462->85464 85462->85465 85467 42c243 85464->85467 85602 40e7e0 76 API calls 85464->85602 85473 401a70 75 API calls 85465->85473 85466 42c1f1 85469 401a70 75 API calls 85466->85469 85471 4020e5 _wcscpy 85468->85471 85472 42c201 85469->85472 85476 401a70 75 API calls 85471->85476 85472->85465 85481 402148 85473->85481 85474 402132 85603 40d030 76 API calls 85474->85603 85476->85462 85477 40213e 85478 4092c0 VariantClear 85477->85478 85478->85481 85479 402184 85483 4092c0 VariantClear 85479->85483 85481->85479 85484 401a70 75 API calls 85481->85484 85604 40d030 76 API calls 85481->85604 85605 40e640 76 API calls 85481->85605 85485 402196 ctype 85483->85485 85484->85481 85485->85376 85487 40f3c9 85486->85487 85489 42ccf4 _memset 85486->85489 86294 40ffb0 76 API calls ctype 85487->86294 85491 42cd05 GetOpenFileNameW 85489->85491 85490 40f3d2 86295 410130 SHGetMalloc 85490->86295 85491->85487 85493 40d732 85491->85493 85493->85384 85493->85386 85494 40f3d9 86300 410020 88 API calls __wcsicoll 85494->86300 85496 40f3e7 86301 40f400 85496->86301 85499 42b9d3 85498->85499 85500 41025a LoadImageW RegisterClassExW 85498->85500 86341 443e8f EnumResourceNamesW LoadImageW 85499->86341 86340 4102f0 7 API calls 85500->86340 85503 40d790 85505 4103e0 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 85503->85505 85504 42b9da 85505->85398 85508 40e207 _memset 85506->85508 85507 40e262 85509 40e2a4 85507->85509 86364 43737d 84 API calls __wcsicoll 85507->86364 85508->85507 85510 42aa14 DestroyIcon 85508->85510 85512 40e2c0 Shell_NotifyIconW 85509->85512 85513 42aa50 Shell_NotifyIconW 85509->85513 85510->85507 86342 401be0 85512->86342 85515 40e2da 85515->85406 85516->85386 85517->85400 85518->85386 85519->85393 85521 401b76 _wcslen 85520->85521 85522 41171a 75 API calls 85521->85522 85525 401bc5 85521->85525 85523 401bad _realloc 85522->85523 85524 41171a 75 API calls 85523->85524 85524->85525 85526 40d3b0 75 API calls 2 library calls 85525->85526 85526->85405 85527->85409 85529 40c060 75 API calls 85528->85529 85530 401f90 85529->85530 85531 402940 85530->85531 85532 40294a __write_nolock 85531->85532 85607 4021e0 85532->85607 85535 402972 85545 4029a4 85535->85545 85619 401cf0 85535->85619 85536 402ae0 75 API calls 85536->85545 85537 402a8c 85538 401b70 75 API calls 85537->85538 85544 402abe 85537->85544 85540 402ab3 85538->85540 85539 401b70 75 API calls 85539->85545 85623 40d970 75 API calls 2 library calls 85540->85623 85542 401cf0 75 API calls 85542->85545 85544->85420 85545->85536 85545->85537 85545->85539 85545->85542 85622 40d970 75 API calls 2 library calls 85545->85622 85625 40f5e0 85546->85625 85549 40ffa6 85549->85422 85551 42b6d8 85554 42b6e6 85551->85554 85681 434fe1 85551->85681 85553 413a88 __freefls@4 67 API calls 85555 42b6f5 85553->85555 85554->85553 85556 434fe1 106 API calls 85555->85556 85557 42b702 85556->85557 85557->85422 85559 41171a 75 API calls 85558->85559 85560 401fd6 85559->85560 85560->85425 85562 401a03 85561->85562 85567 4019e5 85561->85567 85563 401a1a 85562->85563 85562->85567 86283 404260 76 API calls 85563->86283 85565 4019ff 85565->85428 85566 401a26 85566->85428 85567->85565 86282 404260 76 API calls 85567->86282 85570 40c3e4 85569->85570 85571 40c42c 85569->85571 85574 40c3f0 85570->85574 85575 42a475 85570->85575 85572 42a422 85571->85572 85573 40c435 85571->85573 85576 42a427 85572->85576 85577 42a445 85572->85577 85578 40c441 85573->85578 85579 42a455 85573->85579 86284 4042f0 75 API calls __cinit 85574->86284 86289 453155 75 API calls 85575->86289 85585 40c3fb 85576->85585 86286 453155 75 API calls 85576->86286 86287 453155 75 API calls 85577->86287 86285 4042f0 75 API calls __cinit 85578->86285 86288 453155 75 API calls 85579->86288 85585->85438 85588 401a90 85587->85588 85589 401a77 85587->85589 85590 4021e0 75 API calls 85588->85590 85591 401a8d 85589->85591 86290 404080 75 API calls _realloc 85589->86290 85592 401a9c 85590->85592 85591->85442 85592->85442 85595 4115e1 85594->85595 85596 411650 85594->85596 85601 40207d 85595->85601 86291 417f23 67 API calls __getptd_noexit 85595->86291 86293 4114bf 79 API calls 3 library calls 85596->86293 85599 4115ed 86292 417ebb 6 API calls 2 library calls 85599->86292 85601->85445 85601->85446 85602->85474 85603->85477 85604->85481 85605->85481 85606->85466 85608 4021f1 _wcslen 85607->85608 85609 42a598 85607->85609 85611 402205 85608->85611 85612 402226 85608->85612 85610 40c740 75 API calls 85609->85610 85614 42a5a2 85610->85614 85624 404020 75 API calls ctype 85611->85624 85613 401380 75 API calls 85612->85613 85616 40222d 85613->85616 85616->85614 85618 41171a 75 API calls 85616->85618 85617 40220c _realloc 85617->85535 85618->85617 85620 402ae0 75 API calls 85619->85620 85621 401cf7 85620->85621 85621->85535 85622->85545 85623->85544 85624->85617 85626 40f580 77 API calls 85625->85626 85627 40f5f8 _strcat ctype 85626->85627 85685 40f6d0 85627->85685 85632 42b2ee 85714 4151b0 85632->85714 85634 40f679 85634->85632 85635 40f681 85634->85635 85701 414e94 85635->85701 85639 40f68b 85639->85549 85644 452574 85639->85644 85641 42b31d 85720 415484 85641->85720 85643 42b33d 85645 41557c _fseek 105 API calls 85644->85645 85646 4525df 85645->85646 86221 4523ce 85646->86221 85649 4525fc 85649->85551 85650 4151b0 __fread_nolock 81 API calls 85651 45261d 85650->85651 85652 4151b0 __fread_nolock 81 API calls 85651->85652 85653 45262e 85652->85653 85654 4151b0 __fread_nolock 81 API calls 85653->85654 85655 452649 85654->85655 85656 4151b0 __fread_nolock 81 API calls 85655->85656 85657 452666 85656->85657 85658 41557c _fseek 105 API calls 85657->85658 85659 452682 85658->85659 85660 4138ba _malloc 67 API calls 85659->85660 85661 45268e 85660->85661 85662 4138ba _malloc 67 API calls 85661->85662 85663 45269b 85662->85663 85664 4151b0 __fread_nolock 81 API calls 85663->85664 85665 4526ac 85664->85665 85666 44afdc GetSystemTimeAsFileTime 85665->85666 85667 4526bf 85666->85667 85668 4526d5 85667->85668 85669 4526fd 85667->85669 85670 413a88 __freefls@4 67 API calls 85668->85670 85671 452704 85669->85671 85672 45275b 85669->85672 85675 4526df 85670->85675 86227 44b195 85671->86227 85674 413a88 __freefls@4 67 API calls 85672->85674 85679 452759 85674->85679 85677 413a88 __freefls@4 67 API calls 85675->85677 85676 452753 85678 413a88 __freefls@4 67 API calls 85676->85678 85680 4526e8 85677->85680 85678->85679 85679->85551 85680->85551 85682 434ff1 85681->85682 85683 434feb 85681->85683 85682->85554 85684 414e94 __fcloseall 106 API calls 85683->85684 85684->85682 85686 40f6dd _strlen 85685->85686 85733 40f790 85686->85733 85689 414e06 85752 414d40 85689->85752 85691 40f666 85691->85632 85692 40f450 85691->85692 85696 40f45a _strcat _realloc __write_nolock 85692->85696 85693 4151b0 __fread_nolock 81 API calls 85693->85696 85695 42936d 85697 41557c _fseek 105 API calls 85695->85697 85696->85693 85696->85695 85700 40f531 85696->85700 85835 41557c 85696->85835 85698 429394 85697->85698 85699 4151b0 __fread_nolock 81 API calls 85698->85699 85699->85700 85700->85634 85702 414ea0 _ftell 85701->85702 85703 414ed1 85702->85703 85704 414eb4 85702->85704 85706 415965 __lock_file 68 API calls 85703->85706 85713 414ec9 _ftell 85703->85713 85974 417f23 67 API calls __getptd_noexit 85704->85974 85708 414ee9 85706->85708 85707 414eb9 85975 417ebb 6 API calls 2 library calls 85707->85975 85958 414e1d 85708->85958 85713->85639 86043 41511a 85714->86043 85716 4151c8 85717 44afdc 85716->85717 86214 4431e0 85717->86214 85719 44affd 85719->85641 85721 415490 _ftell 85720->85721 85722 4154bb 85721->85722 85723 41549e 85721->85723 85724 415965 __lock_file 68 API calls 85722->85724 86218 417f23 67 API calls __getptd_noexit 85723->86218 85726 4154c3 85724->85726 85728 4152e7 __ftell_nolock 71 API calls 85726->85728 85727 4154a3 86219 417ebb 6 API calls 2 library calls 85727->86219 85730 4154cf 85728->85730 86220 4154e8 LeaveCriticalSection LeaveCriticalSection _fseek 85730->86220 85732 4154b3 _ftell 85732->85643 85734 40f7ae _memset 85733->85734 85736 40f628 85734->85736 85737 415258 85734->85737 85736->85689 85738 415285 85737->85738 85739 415268 85737->85739 85738->85739 85741 41528c 85738->85741 85748 417f23 67 API calls __getptd_noexit 85739->85748 85750 41c551 103 API calls 14 library calls 85741->85750 85742 41526d 85749 417ebb 6 API calls 2 library calls 85742->85749 85745 4152b2 85746 41527d 85745->85746 85751 4191c9 101 API calls 6 library calls 85745->85751 85746->85734 85748->85742 85750->85745 85751->85746 85753 414d4c _ftell 85752->85753 85754 414d5f 85753->85754 85757 414d95 85753->85757 85804 417f23 67 API calls __getptd_noexit 85754->85804 85756 414d64 85805 417ebb 6 API calls 2 library calls 85756->85805 85771 41e28c 85757->85771 85760 414d9a 85761 414da1 85760->85761 85762 414dae 85760->85762 85806 417f23 67 API calls __getptd_noexit 85761->85806 85764 414dd6 85762->85764 85765 414db6 85762->85765 85789 41dfd8 85764->85789 85807 417f23 67 API calls __getptd_noexit 85765->85807 85768 414d74 _ftell @_EH4_CallFilterFunc@8 85768->85691 85772 41e298 _ftell 85771->85772 85773 418407 __lock 67 API calls 85772->85773 85774 41e2a6 85773->85774 85775 41e322 85774->85775 85782 418344 __mtinitlocknum 67 API calls 85774->85782 85784 41e31b 85774->85784 85812 4159a6 68 API calls __lock 85774->85812 85813 415a14 LeaveCriticalSection LeaveCriticalSection _doexit 85774->85813 85777 416fb6 __malloc_crt 67 API calls 85775->85777 85778 41e32c 85777->85778 85778->85784 85814 4189e6 InitializeCriticalSectionAndSpinCount _ftell 85778->85814 85780 41e3b0 _ftell 85780->85760 85782->85774 85783 41e351 85785 41e35c 85783->85785 85786 41e36f EnterCriticalSection 85783->85786 85809 41e3bb 85784->85809 85788 413a88 __freefls@4 67 API calls 85785->85788 85786->85784 85788->85784 85797 41dffb __wopenfile 85789->85797 85790 41e015 85819 417f23 67 API calls __getptd_noexit 85790->85819 85791 41e1e9 85791->85790 85794 41e247 85791->85794 85793 41e01a 85820 417ebb 6 API calls 2 library calls 85793->85820 85816 425db0 85794->85816 85797->85790 85797->85791 85821 4136bc 79 API calls 2 library calls 85797->85821 85800 41e1e2 85800->85791 85822 4136bc 79 API calls 2 library calls 85800->85822 85802 41e201 85802->85791 85823 4136bc 79 API calls 2 library calls 85802->85823 85804->85756 85806->85768 85807->85768 85808 414dfc LeaveCriticalSection LeaveCriticalSection _fseek 85808->85768 85815 41832d LeaveCriticalSection 85809->85815 85811 41e3c2 85811->85780 85812->85774 85813->85774 85814->85783 85815->85811 85824 425ce4 85816->85824 85818 414de1 85818->85808 85819->85793 85821->85800 85822->85802 85823->85791 85827 425cf0 _ftell 85824->85827 85825 425d03 85826 417f23 _ftell 67 API calls 85825->85826 85828 425d08 85826->85828 85827->85825 85829 425d41 85827->85829 85830 417ebb _ftell 6 API calls 85828->85830 85831 4255c4 __tsopen_nolock 132 API calls 85829->85831 85834 425d17 _ftell 85830->85834 85832 425d5b 85831->85832 85833 425d82 __sopen_helper LeaveCriticalSection 85832->85833 85833->85834 85834->85818 85839 415588 _ftell 85835->85839 85836 415596 85866 417f23 67 API calls __getptd_noexit 85836->85866 85838 4155c4 85848 415965 85838->85848 85839->85836 85839->85838 85840 41559b 85867 417ebb 6 API calls 2 library calls 85840->85867 85847 4155ab _ftell 85847->85696 85849 415977 85848->85849 85850 415999 EnterCriticalSection 85848->85850 85849->85850 85851 41597f 85849->85851 85852 4155cc 85850->85852 85853 418407 __lock 67 API calls 85851->85853 85854 4154f2 85852->85854 85853->85852 85855 415512 85854->85855 85856 415502 85854->85856 85858 415524 85855->85858 85869 4152e7 85855->85869 85923 417f23 67 API calls __getptd_noexit 85856->85923 85886 41486c 85858->85886 85865 415507 85868 4155f7 LeaveCriticalSection LeaveCriticalSection _fseek 85865->85868 85866->85840 85868->85847 85870 41531a 85869->85870 85871 4152fa 85869->85871 85872 41453a __fileno 67 API calls 85870->85872 85924 417f23 67 API calls __getptd_noexit 85871->85924 85874 415320 85872->85874 85877 41efd4 __locking 71 API calls 85874->85877 85875 4152ff 85925 417ebb 6 API calls 2 library calls 85875->85925 85878 415335 85877->85878 85879 4153a9 85878->85879 85881 415364 85878->85881 85885 41530f 85878->85885 85926 417f23 67 API calls __getptd_noexit 85879->85926 85882 41efd4 __locking 71 API calls 85881->85882 85881->85885 85883 415404 85882->85883 85884 41efd4 __locking 71 API calls 85883->85884 85883->85885 85884->85885 85885->85858 85887 414885 85886->85887 85891 4148a7 85886->85891 85888 41453a __fileno 67 API calls 85887->85888 85887->85891 85889 4148a0 85888->85889 85927 41c3cf 101 API calls 5 library calls 85889->85927 85892 41453a 85891->85892 85893 41455e 85892->85893 85894 414549 85892->85894 85898 41efd4 85893->85898 85928 417f23 67 API calls __getptd_noexit 85894->85928 85896 41454e 85929 417ebb 6 API calls 2 library calls 85896->85929 85899 41efe0 _ftell 85898->85899 85900 41f003 85899->85900 85901 41efe8 85899->85901 85902 41f011 85900->85902 85908 41f052 85900->85908 85950 417f36 67 API calls __getptd_noexit 85901->85950 85952 417f36 67 API calls __getptd_noexit 85902->85952 85904 41efed 85951 417f23 67 API calls __getptd_noexit 85904->85951 85907 41f016 85953 417f23 67 API calls __getptd_noexit 85907->85953 85930 41ba3b 85908->85930 85911 41f058 85913 41f065 85911->85913 85914 41f07b 85911->85914 85912 41f01d 85954 417ebb 6 API calls 2 library calls 85912->85954 85940 41ef5f 85913->85940 85955 417f23 67 API calls __getptd_noexit 85914->85955 85918 41eff5 _ftell 85918->85865 85919 41f073 85957 41f0a6 LeaveCriticalSection __unlock_fhandle 85919->85957 85920 41f080 85956 417f36 67 API calls __getptd_noexit 85920->85956 85923->85865 85924->85875 85926->85885 85927->85891 85928->85896 85931 41ba47 _ftell 85930->85931 85932 41baa2 85931->85932 85933 418407 __lock 67 API calls 85931->85933 85934 41bac4 _ftell 85932->85934 85935 41baa7 EnterCriticalSection 85932->85935 85937 41ba73 85933->85937 85934->85911 85935->85934 85936 41ba8a 85939 41bad2 ___lock_fhandle LeaveCriticalSection 85936->85939 85937->85936 85938 4189e6 __alloc_osfhnd InitializeCriticalSectionAndSpinCount 85937->85938 85938->85936 85939->85932 85941 41b9c4 __close_nolock 67 API calls 85940->85941 85942 41ef6e 85941->85942 85943 41ef84 SetFilePointer 85942->85943 85944 41ef74 85942->85944 85945 41ef9b GetLastError 85943->85945 85948 41efa3 85943->85948 85946 417f23 _ftell 67 API calls 85944->85946 85945->85948 85947 41ef79 85946->85947 85947->85919 85948->85947 85949 417f49 __dosmaperr 67 API calls 85948->85949 85949->85947 85950->85904 85951->85918 85952->85907 85953->85912 85955->85920 85956->85919 85957->85918 85959 414e31 85958->85959 85960 414e4d 85958->85960 86004 417f23 67 API calls __getptd_noexit 85959->86004 85963 41486c __flush 101 API calls 85960->85963 85972 414e46 85960->85972 85962 414e36 86005 417ebb 6 API calls 2 library calls 85962->86005 85965 414e59 85963->85965 85977 41e680 85965->85977 85968 41453a __fileno 67 API calls 85969 414e67 85968->85969 85981 41e5b3 85969->85981 85971 414e6d 85971->85972 85973 413a88 __freefls@4 67 API calls 85971->85973 85976 414f08 LeaveCriticalSection LeaveCriticalSection _fseek 85972->85976 85973->85972 85974->85707 85976->85713 85978 41e690 85977->85978 85980 414e61 85977->85980 85979 413a88 __freefls@4 67 API calls 85978->85979 85978->85980 85979->85980 85980->85968 85982 41e5bf _ftell 85981->85982 85983 41e5e2 85982->85983 85984 41e5c7 85982->85984 85986 41e5f0 85983->85986 85989 41e631 85983->85989 86021 417f36 67 API calls __getptd_noexit 85984->86021 86023 417f36 67 API calls __getptd_noexit 85986->86023 85987 41e5cc 86022 417f23 67 API calls __getptd_noexit 85987->86022 85992 41ba3b ___lock_fhandle 68 API calls 85989->85992 85991 41e5f5 86024 417f23 67 API calls __getptd_noexit 85991->86024 85994 41e637 85992->85994 85996 41e652 85994->85996 85997 41e644 85994->85997 85995 41e5fc 86025 417ebb 6 API calls 2 library calls 85995->86025 86026 417f23 67 API calls __getptd_noexit 85996->86026 86006 41e517 85997->86006 86001 41e5d4 _ftell 86001->85971 86002 41e64c 86027 41e676 LeaveCriticalSection __unlock_fhandle 86002->86027 86004->85962 86028 41b9c4 86006->86028 86008 41e527 86009 41e57d 86008->86009 86010 41e55b 86008->86010 86013 41b9c4 __close_nolock 67 API calls 86008->86013 86041 41b93e 68 API calls 2 library calls 86009->86041 86010->86009 86014 41b9c4 __close_nolock 67 API calls 86010->86014 86012 41e585 86015 41e5a7 86012->86015 86042 417f49 67 API calls 3 library calls 86012->86042 86016 41e552 86013->86016 86017 41e567 CloseHandle 86014->86017 86015->86002 86019 41b9c4 __close_nolock 67 API calls 86016->86019 86017->86009 86020 41e573 GetLastError 86017->86020 86019->86010 86020->86009 86021->85987 86022->86001 86023->85991 86024->85995 86026->86002 86027->86001 86029 41b9d1 86028->86029 86030 41b9e9 86028->86030 86031 417f36 __free_osfhnd 67 API calls 86029->86031 86033 417f36 __free_osfhnd 67 API calls 86030->86033 86040 41ba2e 86030->86040 86032 41b9d6 86031->86032 86034 417f23 _ftell 67 API calls 86032->86034 86035 41ba17 86033->86035 86036 41b9de 86034->86036 86037 417f23 _ftell 67 API calls 86035->86037 86036->86008 86038 41ba1e 86037->86038 86039 417ebb _ftell 6 API calls 86038->86039 86039->86040 86040->86008 86041->86012 86042->86015 86044 415126 _ftell 86043->86044 86045 41513a _memset 86044->86045 86046 41516f 86044->86046 86047 415164 _ftell 86044->86047 86072 417f23 67 API calls __getptd_noexit 86045->86072 86048 415965 __lock_file 68 API calls 86046->86048 86047->85716 86050 415177 86048->86050 86056 414f10 86050->86056 86052 415154 86073 417ebb 6 API calls 2 library calls 86052->86073 86057 414f4c 86056->86057 86059 414f2e _memset 86056->86059 86074 4151a6 LeaveCriticalSection LeaveCriticalSection _fseek 86057->86074 86058 414f37 86125 417f23 67 API calls __getptd_noexit 86058->86125 86059->86057 86059->86058 86063 414f8b 86059->86063 86063->86057 86064 4150a9 _memset 86063->86064 86065 41453a __fileno 67 API calls 86063->86065 86067 4150d5 _memset 86063->86067 86075 41ed9e 86063->86075 86105 41e6b1 86063->86105 86127 41ee9b 67 API calls 3 library calls 86063->86127 86128 417f23 67 API calls __getptd_noexit 86064->86128 86065->86063 86129 417f23 67 API calls __getptd_noexit 86067->86129 86071 414f3c 86126 417ebb 6 API calls 2 library calls 86071->86126 86072->86052 86074->86047 86076 41edaa _ftell 86075->86076 86077 41edb2 86076->86077 86078 41edcd 86076->86078 86199 417f36 67 API calls __getptd_noexit 86077->86199 86079 41eddb 86078->86079 86084 41ee1c 86078->86084 86201 417f36 67 API calls __getptd_noexit 86079->86201 86082 41edb7 86200 417f23 67 API calls __getptd_noexit 86082->86200 86083 41ede0 86202 417f23 67 API calls __getptd_noexit 86083->86202 86087 41ee29 86084->86087 86088 41ee3d 86084->86088 86204 417f36 67 API calls __getptd_noexit 86087->86204 86089 41ba3b ___lock_fhandle 68 API calls 86088->86089 86092 41ee43 86089->86092 86090 41ede7 86203 417ebb 6 API calls 2 library calls 86090->86203 86095 41ee50 86092->86095 86096 41ee66 86092->86096 86093 41ee2e 86205 417f23 67 API calls __getptd_noexit 86093->86205 86094 41edbf _ftell 86094->86063 86130 41e7dc 86095->86130 86206 417f23 67 API calls __getptd_noexit 86096->86206 86101 41ee5e 86208 41ee91 LeaveCriticalSection __unlock_fhandle 86101->86208 86102 41ee6b 86207 417f36 67 API calls __getptd_noexit 86102->86207 86106 41e6c1 86105->86106 86111 41e6de 86105->86111 86212 417f23 67 API calls __getptd_noexit 86106->86212 86108 41e6d6 86108->86063 86109 41e6c6 86213 417ebb 6 API calls 2 library calls 86109->86213 86111->86108 86112 41e713 86111->86112 86209 423600 86111->86209 86114 41453a __fileno 67 API calls 86112->86114 86115 41e727 86114->86115 86116 41ed9e __read 79 API calls 86115->86116 86117 41e72e 86116->86117 86117->86108 86118 41453a __fileno 67 API calls 86117->86118 86119 41e751 86118->86119 86119->86108 86120 41453a __fileno 67 API calls 86119->86120 86121 41e75d 86120->86121 86121->86108 86122 41453a __fileno 67 API calls 86121->86122 86123 41e769 86122->86123 86124 41453a __fileno 67 API calls 86123->86124 86124->86108 86125->86071 86127->86063 86128->86071 86129->86071 86131 41e813 86130->86131 86132 41e7f8 86130->86132 86133 41e822 86131->86133 86135 41e849 86131->86135 86134 417f36 __free_osfhnd 67 API calls 86132->86134 86136 417f36 __free_osfhnd 67 API calls 86133->86136 86137 41e7fd 86134->86137 86139 41e868 86135->86139 86150 41e87c 86135->86150 86138 41e827 86136->86138 86140 417f23 _ftell 67 API calls 86137->86140 86142 417f23 _ftell 67 API calls 86138->86142 86143 417f36 __free_osfhnd 67 API calls 86139->86143 86151 41e805 86140->86151 86141 41e8d4 86145 417f36 __free_osfhnd 67 API calls 86141->86145 86144 41e82e 86142->86144 86146 41e86d 86143->86146 86147 417ebb _ftell 6 API calls 86144->86147 86148 41e8d9 86145->86148 86149 417f23 _ftell 67 API calls 86146->86149 86147->86151 86152 417f23 _ftell 67 API calls 86148->86152 86153 41e874 86149->86153 86150->86141 86150->86151 86154 41e8b0 86150->86154 86156 41e8f5 86150->86156 86151->86101 86152->86153 86155 417ebb _ftell 6 API calls 86153->86155 86154->86141 86159 41e8bb ReadFile 86154->86159 86155->86151 86158 416fb6 __malloc_crt 67 API calls 86156->86158 86160 41e90b 86158->86160 86161 41ed62 GetLastError 86159->86161 86162 41e9e7 86159->86162 86165 41e931 86160->86165 86166 41e913 86160->86166 86163 41ebe8 86161->86163 86164 41ed6f 86161->86164 86162->86161 86169 41e9fb 86162->86169 86173 417f49 __dosmaperr 67 API calls 86163->86173 86178 41eb6d 86163->86178 86167 417f23 _ftell 67 API calls 86164->86167 86170 423462 __lseeki64_nolock 69 API calls 86165->86170 86168 417f23 _ftell 67 API calls 86166->86168 86171 41ed74 86167->86171 86172 41e918 86168->86172 86169->86178 86179 41ea17 86169->86179 86182 41ec2d 86169->86182 86174 41e93d 86170->86174 86175 417f36 __free_osfhnd 67 API calls 86171->86175 86176 417f36 __free_osfhnd 67 API calls 86172->86176 86173->86178 86174->86159 86175->86178 86176->86151 86177 413a88 __freefls@4 67 API calls 86177->86151 86178->86151 86178->86177 86180 41ea7d ReadFile 86179->86180 86187 41eafa 86179->86187 86185 41ea9b GetLastError 86180->86185 86190 41eaa5 86180->86190 86181 41eca5 ReadFile 86183 41ecc4 GetLastError 86181->86183 86191 41ecce 86181->86191 86182->86178 86182->86181 86183->86182 86183->86191 86184 41ebbe MultiByteToWideChar 86184->86178 86186 41ebe2 GetLastError 86184->86186 86185->86179 86185->86190 86186->86163 86187->86178 86188 41eb75 86187->86188 86189 41eb68 86187->86189 86195 41eb32 86187->86195 86188->86195 86196 41ebac 86188->86196 86192 417f23 _ftell 67 API calls 86189->86192 86190->86179 86193 423462 __lseeki64_nolock 69 API calls 86190->86193 86191->86182 86194 423462 __lseeki64_nolock 69 API calls 86191->86194 86192->86178 86193->86190 86194->86191 86195->86184 86197 423462 __lseeki64_nolock 69 API calls 86196->86197 86198 41ebbb 86197->86198 86198->86184 86199->86082 86200->86094 86201->86083 86202->86090 86204->86093 86205->86090 86206->86102 86207->86101 86208->86094 86210 416fb6 __malloc_crt 67 API calls 86209->86210 86211 423615 86210->86211 86211->86112 86212->86109 86217 414cef GetSystemTimeAsFileTime __aulldiv 86214->86217 86216 4431ef 86216->85719 86217->86216 86218->85727 86220->85732 86225 4523e1 _wcscpy 86221->86225 86222 4151b0 81 API calls __fread_nolock 86222->86225 86223 44afdc GetSystemTimeAsFileTime 86223->86225 86224 452553 86224->85649 86224->85650 86225->86222 86225->86223 86225->86224 86226 41557c 105 API calls _fseek 86225->86226 86226->86225 86228 44b1b4 86227->86228 86229 44b1a6 86227->86229 86231 44b1ca 86228->86231 86232 414e06 138 API calls 86228->86232 86233 44b1c2 86228->86233 86230 414e06 138 API calls 86229->86230 86230->86228 86262 4352d1 81 API calls 2 library calls 86231->86262 86235 44b2c1 86232->86235 86233->85676 86235->86231 86237 44b2cf 86235->86237 86236 44b20d 86238 44b211 86236->86238 86239 44b23b 86236->86239 86240 44b2dc 86237->86240 86242 414e94 __fcloseall 106 API calls 86237->86242 86241 44b21e 86238->86241 86244 414e94 __fcloseall 106 API calls 86238->86244 86263 43526e 86239->86263 86240->85676 86246 414e94 __fcloseall 106 API calls 86241->86246 86250 44b22e 86241->86250 86242->86240 86244->86241 86245 44b242 86247 44b270 86245->86247 86248 44b248 86245->86248 86246->86250 86273 44b0af 111 API calls 86247->86273 86251 44b255 86248->86251 86252 414e94 __fcloseall 106 API calls 86248->86252 86250->85676 86253 44b265 86251->86253 86255 414e94 __fcloseall 106 API calls 86251->86255 86252->86251 86253->85676 86254 44b276 86274 43522c 86254->86274 86255->86253 86258 44b289 86259 44b299 86258->86259 86261 414e94 __fcloseall 106 API calls 86258->86261 86259->85676 86260 414e94 __fcloseall 106 API calls 86260->86258 86261->86259 86262->86236 86264 4138ba _malloc 67 API calls 86263->86264 86265 43527d 86264->86265 86266 4138ba _malloc 67 API calls 86265->86266 86267 43528d 86266->86267 86268 4138ba _malloc 67 API calls 86267->86268 86269 43529d 86268->86269 86270 43522c 67 API calls 86269->86270 86271 4352bc 86269->86271 86272 4352c8 86270->86272 86271->86245 86272->86245 86273->86254 86275 435241 86274->86275 86276 43523b 86274->86276 86278 413a88 __freefls@4 67 API calls 86275->86278 86280 435254 86275->86280 86277 413a88 __freefls@4 67 API calls 86276->86277 86277->86275 86278->86280 86279 435267 86279->86258 86279->86260 86280->86279 86281 413a88 __freefls@4 67 API calls 86280->86281 86281->86279 86282->85565 86283->85566 86284->85585 86285->85585 86286->85585 86287->85579 86288->85585 86289->85585 86290->85591 86291->85599 86293->85601 86294->85490 86296 410148 SHGetDesktopFolder 86295->86296 86299 4101a3 _wcscpy 86295->86299 86297 41015a _wcscpy 86296->86297 86296->86299 86298 41018a SHGetPathFromIDListW 86297->86298 86297->86299 86298->86299 86299->85494 86300->85496 86302 40f5e0 152 API calls 86301->86302 86303 40f417 86302->86303 86304 42ca37 86303->86304 86306 40f42c 86303->86306 86307 42ca1f 86303->86307 86305 452574 140 API calls 86304->86305 86308 42ca50 86305->86308 86332 4037e0 139 API calls 7 library calls 86306->86332 86333 43717f 110 API calls _printf 86307->86333 86311 42ca76 86308->86311 86312 42ca54 86308->86312 86316 41171a 75 API calls 86311->86316 86315 434fe1 106 API calls 86312->86315 86313 40f446 86313->85493 86314 42ca2d 86314->86304 86317 42ca5e 86315->86317 86331 42cacc ctype 86316->86331 86334 43717f 110 API calls _printf 86317->86334 86319 42ca6c 86319->86311 86320 42ccc3 86321 413a88 __freefls@4 67 API calls 86320->86321 86322 42cccd 86321->86322 86323 434fe1 106 API calls 86322->86323 86324 42ccda 86323->86324 86328 401b70 75 API calls 86328->86331 86331->86320 86331->86328 86335 445051 75 API calls _realloc 86331->86335 86336 44c80c 87 API calls 3 library calls 86331->86336 86337 44b408 75 API calls 86331->86337 86338 402cc0 75 API calls 2 library calls 86331->86338 86339 4026a0 75 API calls ctype 86331->86339 86332->86313 86333->86314 86334->86319 86335->86331 86336->86331 86337->86331 86338->86331 86339->86331 86340->85503 86341->85504 86343 401bfb 86342->86343 86363 401cde 86342->86363 86344 4013a0 75 API calls 86343->86344 86345 401c0b 86344->86345 86346 42a9a0 LoadStringW 86345->86346 86347 401c18 86345->86347 86349 42a9bb 86346->86349 86348 4021e0 75 API calls 86347->86348 86350 401c2d 86348->86350 86366 40df50 75 API calls 86349->86366 86352 401c3a 86350->86352 86353 42a9cd 86350->86353 86352->86349 86354 401c44 86352->86354 86367 40d3b0 75 API calls 2 library calls 86353->86367 86365 40d3b0 75 API calls 2 library calls 86354->86365 86357 42a9dc 86358 42a9f0 86357->86358 86359 401c53 _memset _wcscpy _wcsncpy 86357->86359 86368 40d3b0 75 API calls 2 library calls 86358->86368 86362 401cc2 Shell_NotifyIconW 86359->86362 86361 42a9fe 86362->86363 86363->85515 86364->85509 86365->86359 86366->86359 86367->86357 86368->86361 86369 4031530 86383 402f180 86369->86383 86371 40315da 86386 4031420 86371->86386 86373 4031603 CreateFileW 86375 4031657 86373->86375 86376 4031652 86373->86376 86375->86376 86377 403166e VirtualAlloc 86375->86377 86377->86376 86378 403168c ReadFile 86377->86378 86378->86376 86379 40316a7 86378->86379 86380 4030420 13 API calls 86379->86380 86381 40316da 86380->86381 86382 40316fd ExitProcess 86381->86382 86382->86376 86389 4032600 GetPEB 86383->86389 86385 402f80b 86385->86371 86387 4031429 Sleep 86386->86387 86388 4031437 86387->86388 86390 403262a 86389->86390 86390->86385 84657 444343 84660 444326 84657->84660 84659 44434e WriteFile 84661 444340 84660->84661 84662 4442c7 84660->84662 84661->84659 84667 40e190 SetFilePointerEx 84662->84667 84664 4442e0 SetFilePointerEx 84668 40e190 SetFilePointerEx 84664->84668 84666 4442ff 84666->84659 84667->84664 84668->84666 86391 4031adb 86394 4031750 86391->86394 86393 4031b27 86395 402f180 GetPEB 86394->86395 86404 40317ef 86395->86404 86397 4031820 CreateFileW 86399 403182d 86397->86399 86397->86404 86398 4031849 VirtualAlloc 86398->86399 86400 403186a ReadFile 86398->86400 86401 4031a4a 86399->86401 86402 4031a3c VirtualFree 86399->86402 86400->86399 86403 4031888 VirtualAlloc 86400->86403 86401->86393 86402->86401 86403->86399 86403->86404 86404->86398 86404->86399 86405 4031950 CloseHandle 86404->86405 86406 4031960 VirtualFree 86404->86406 86407 4032660 GetPEB 86404->86407 86405->86404 86406->86404 86408 403268a 86407->86408 86408->86397 84669 46d22f 84672 46d098 84669->84672 84671 46d241 84673 46d0b5 84672->84673 84674 46d115 84673->84674 84675 46d0b9 84673->84675 84739 45c216 78 API calls 84674->84739 84716 41171a 84675->84716 84679 46d126 84681 46d0f8 84679->84681 84687 46d142 84679->84687 84680 46d0cc 84729 453063 84680->84729 84735 4092c0 84681->84735 84684 46d0fd 84684->84671 84688 46d1c8 84687->84688 84691 46d158 84687->84691 84749 4676a3 78 API calls 84688->84749 84694 453063 111 API calls 84691->84694 84692 46d0ea 84692->84687 84695 46d0ee 84692->84695 84693 46d1ce 84750 4444c2 SetFilePointerEx SetFilePointerEx WriteFile 84693->84750 84703 46d15e 84694->84703 84695->84681 84734 44ade5 CloseHandle ctype 84695->84734 84696 46d18d 84740 467fce 82 API calls 84696->84740 84700 46d196 84741 4013a0 84700->84741 84701 46d1e7 84705 4092c0 VariantClear 84701->84705 84715 46d194 84701->84715 84703->84696 84703->84700 84705->84715 84707 46d1ac 84747 40d3b0 75 API calls 2 library calls 84707->84747 84709 46d224 84709->84671 84710 46d1b8 84748 467fce 82 API calls 84710->84748 84711 40d900 CloseHandle 84712 46d216 84711->84712 84751 44ade5 CloseHandle ctype 84712->84751 84715->84709 84715->84711 84718 411724 84716->84718 84719 41173e 84718->84719 84723 411740 std::bad_alloc::bad_alloc 84718->84723 84752 4138ba 84718->84752 84770 411afc 6 API calls __decode_pointer 84718->84770 84719->84680 84728 40d940 76 API calls 84719->84728 84721 411766 84774 4116fd 67 API calls std::exception::exception 84721->84774 84723->84721 84771 411421 84723->84771 84724 411770 84775 41805b RaiseException 84724->84775 84727 41177e 84728->84680 84730 45306e 84729->84730 84731 45307a 84729->84731 84730->84731 84913 452e2a 111 API calls 5 library calls 84730->84913 84733 40dfa0 83 API calls 84731->84733 84733->84692 84734->84681 84736 4092c8 ctype 84735->84736 84737 429db0 VariantClear 84736->84737 84738 4092d5 ctype 84736->84738 84737->84738 84738->84684 84739->84679 84740->84715 84742 41171a 75 API calls 84741->84742 84743 4013c4 84742->84743 84914 401380 84743->84914 84746 40df50 75 API calls 84746->84707 84747->84710 84748->84715 84749->84693 84750->84701 84751->84709 84753 41396d 84752->84753 84759 4138cc 84752->84759 84783 411afc 6 API calls __decode_pointer 84753->84783 84755 413973 84784 417f23 67 API calls __getptd_noexit 84755->84784 84758 413965 84758->84718 84759->84758 84762 413929 RtlAllocateHeap 84759->84762 84763 4138dd 84759->84763 84765 413959 84759->84765 84768 41395e 84759->84768 84779 41386b 67 API calls 4 library calls 84759->84779 84780 411afc 6 API calls __decode_pointer 84759->84780 84762->84759 84763->84759 84776 418252 67 API calls 2 library calls 84763->84776 84777 4180a7 67 API calls 7 library calls 84763->84777 84778 411803 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 84763->84778 84781 417f23 67 API calls __getptd_noexit 84765->84781 84782 417f23 67 API calls __getptd_noexit 84768->84782 84770->84718 84785 4113e5 84771->84785 84773 41142e 84773->84721 84774->84724 84775->84727 84776->84763 84777->84763 84779->84759 84780->84759 84781->84768 84782->84758 84783->84755 84784->84758 84786 4113f1 _ftell 84785->84786 84793 41181b 84786->84793 84792 411412 _ftell 84792->84773 84819 418407 84793->84819 84795 4113f6 84796 4112fa 84795->84796 84884 4169e9 TlsGetValue 84796->84884 84799 4169e9 __decode_pointer 6 API calls 84800 41131e 84799->84800 84801 4113a1 84800->84801 84894 4170e7 68 API calls 4 library calls 84800->84894 84816 41141b 84801->84816 84803 41133c 84804 411388 84803->84804 84806 411357 84803->84806 84807 411366 84803->84807 84805 41696e __encode_pointer 6 API calls 84804->84805 84808 411396 84805->84808 84895 417047 73 API calls _realloc 84806->84895 84807->84801 84810 411360 84807->84810 84811 41696e __encode_pointer 6 API calls 84808->84811 84810->84807 84813 41137c 84810->84813 84896 417047 73 API calls _realloc 84810->84896 84811->84801 84897 41696e TlsGetValue 84813->84897 84814 411376 84814->84801 84814->84813 84909 411824 84816->84909 84820 41841c 84819->84820 84821 41842f EnterCriticalSection 84819->84821 84826 418344 84820->84826 84821->84795 84823 418422 84823->84821 84854 4117af 67 API calls 3 library calls 84823->84854 84825 41842e 84825->84821 84827 418350 _ftell 84826->84827 84828 418360 84827->84828 84829 418378 84827->84829 84855 418252 67 API calls 2 library calls 84828->84855 84835 418386 _ftell 84829->84835 84858 416fb6 84829->84858 84831 418365 84856 4180a7 67 API calls 7 library calls 84831->84856 84835->84823 84836 41836c 84857 411803 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 84836->84857 84837 4183a7 84840 418407 __lock 67 API calls 84837->84840 84838 418398 84864 417f23 67 API calls __getptd_noexit 84838->84864 84842 4183ae 84840->84842 84844 4183e2 84842->84844 84845 4183b6 84842->84845 84847 413a88 __freefls@4 67 API calls 84844->84847 84865 4189e6 InitializeCriticalSectionAndSpinCount _ftell 84845->84865 84853 4183d3 84847->84853 84848 4183c1 84848->84853 84866 413a88 84848->84866 84851 4183cd 84879 417f23 67 API calls __getptd_noexit 84851->84879 84880 4183fe LeaveCriticalSection _doexit 84853->84880 84854->84825 84855->84831 84856->84836 84861 416fbf 84858->84861 84859 4138ba _malloc 66 API calls 84859->84861 84860 416ff5 84860->84837 84860->84838 84861->84859 84861->84860 84862 416fd6 Sleep 84861->84862 84863 416feb 84862->84863 84863->84860 84863->84861 84864->84835 84865->84848 84868 413a94 _ftell 84866->84868 84867 413b0d _realloc _ftell 84867->84851 84868->84867 84869 418407 __lock 65 API calls 84868->84869 84878 413ad3 84868->84878 84875 413aab ___sbh_find_block 84869->84875 84870 413ae8 RtlFreeHeap 84870->84867 84871 413afa 84870->84871 84883 417f23 67 API calls __getptd_noexit 84871->84883 84873 413aff GetLastError 84873->84867 84874 413ac5 84882 413ade LeaveCriticalSection _doexit 84874->84882 84875->84874 84881 419f9d __VEC_memcpy VirtualFree VirtualFree HeapFree __shift 84875->84881 84878->84867 84878->84870 84879->84853 84880->84835 84881->84874 84882->84878 84883->84873 84885 416a01 84884->84885 84886 416a22 GetModuleHandleW 84884->84886 84885->84886 84887 416a0b TlsGetValue 84885->84887 84888 416a32 84886->84888 84889 416a3d GetProcAddress 84886->84889 84892 416a16 84887->84892 84907 41177f Sleep GetModuleHandleW 84888->84907 84891 41130e 84889->84891 84891->84799 84892->84886 84892->84891 84893 416a38 84893->84889 84893->84891 84894->84803 84895->84810 84896->84814 84898 4169a7 GetModuleHandleW 84897->84898 84899 416986 84897->84899 84901 4169c2 GetProcAddress 84898->84901 84902 4169b7 84898->84902 84899->84898 84900 416990 TlsGetValue 84899->84900 84905 41699b 84900->84905 84904 41699f 84901->84904 84908 41177f Sleep GetModuleHandleW 84902->84908 84904->84804 84905->84898 84905->84904 84906 4169bd 84906->84901 84906->84904 84907->84893 84908->84906 84912 41832d LeaveCriticalSection 84909->84912 84911 411420 84911->84792 84912->84911 84913->84731 84915 41171a 75 API calls 84914->84915 84916 401387 84915->84916 84916->84746 86409 42919b 86414 40ef10 86409->86414 86412 411421 __cinit 74 API calls 86413 4291aa 86412->86413 86415 41171a 75 API calls 86414->86415 86416 40ef17 86415->86416 86417 42ad48 86416->86417 86422 40ef40 74 API calls __cinit 86416->86422 86419 40ef2a 86423 40e470 86419->86423 86422->86419 86424 40c060 75 API calls 86423->86424 86425 40e483 GetVersionExW 86424->86425 86426 4021e0 75 API calls 86425->86426 86427 40e4bb 86426->86427 86449 40e600 86427->86449 86433 42accc 86435 42ad28 GetSystemInfo 86433->86435 86439 42ad38 GetSystemInfo 86435->86439 86436 40e557 GetCurrentProcess 86469 40ee30 LoadLibraryA GetProcAddress 86436->86469 86437 40e56c 86437->86439 86462 40eee0 86437->86462 86442 40e5c9 86466 40eea0 86442->86466 86445 40e5e0 86447 40e5f1 FreeLibrary 86445->86447 86448 40e5f4 86445->86448 86446 40e5dd FreeLibrary 86446->86445 86447->86448 86448->86412 86450 40e60b 86449->86450 86451 40c740 75 API calls 86450->86451 86452 40e4c2 86451->86452 86453 40e620 86452->86453 86455 40e62a 86453->86455 86454 42ac93 86455->86454 86456 40c740 75 API calls 86455->86456 86457 40e4ce 86456->86457 86457->86433 86458 40ee70 86457->86458 86459 40e551 86458->86459 86460 40ee76 LoadLibraryA 86458->86460 86459->86436 86459->86437 86460->86459 86461 40ee87 GetProcAddress 86460->86461 86461->86459 86463 40e5bf 86462->86463 86464 40eee6 LoadLibraryA 86462->86464 86463->86435 86463->86442 86464->86463 86465 40eef7 GetProcAddress 86464->86465 86465->86463 86470 40eec0 LoadLibraryA GetProcAddress 86466->86470 86468 40e5d3 GetNativeSystemInfo 86468->86445 86468->86446 86469->86437 86470->86468 84917 40116e 84918 401119 DefWindowProcW 84917->84918

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 0040D6D0 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 141windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
                                                                                                                                                                                                                          • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
                                                                                                                                                                                                                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
                                                                                                                                                                                                                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 0040208E
                                                                                                                                                                                                                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020A4
                                                                                                                                                                                                                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020BA
                                                                                                                                                                                                                          • Part of subcall function 00401F80: _wcscpy.LIBCMT ref: 004020EF
                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
                                                                                                                                                                                                                          • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,00000004), ref: 0040D7D6
                                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,00000004), ref: 00431B0E
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,00000004), ref: 00431B3F
                                                                                                                                                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(00000000), ref: 00431B92
                                                                                                                                                                                                                          • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                                                                                                                          • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                                                                                                                          • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                                                                                                                          • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                                                                                                                          • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                                                                                                                          • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                                                                                                                          • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
                                                                                                                                                                                                                          • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                                                                                                                          • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                                                                                                                          • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                                                                                                                          • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                                                                                                                          • Part of subcall function 0040E1E0: _memset.LIBCMT ref: 0040E202
                                                                                                                                                                                                                          • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                                                                                                                                                                                                                        • String ID: @GH$@GH$C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                                                                                        • API String ID: 2493088469-2835358850
                                                                                                                                                                                                                        • Opcode ID: ba2e87c3f8820592b330de56266d8528cb530a4dab1fa245838381ec475db17a
                                                                                                                                                                                                                        • Instruction ID: f6e0ab4c143dd9a1f797559286fb6c41f0380d60009eb7dc722615656bf0e84e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba2e87c3f8820592b330de56266d8528cb530a4dab1fa245838381ec475db17a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0341F731618341ABD320F7A19C49BAF3BA4AB96704F04493FF941672D1DBBC9949C72E
                                                                                                                                                                                                                        Function 0040E470 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 165COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 138 40e470-40e500 call 40c060 GetVersionExW call 4021e0 call 40e600 call 40e620 147 40e506-40e509 138->147 148 42accc-42acd1 138->148 151 40e540-40e555 call 40ee70 147->151 152 40e50b-40e51c 147->152 149 42acd3-42acdb 148->149 150 42acdd-42ace0 148->150 153 42ad12-42ad20 149->153 154 42ace2-42aceb 150->154 155 42aced-42acf0 150->155 169 40e557-40e573 GetCurrentProcess call 40ee30 151->169 170 40e579-40e5a8 151->170 156 40e522-40e525 152->156 157 42ac9b-42aca7 152->157 168 42ad28-42ad2d GetSystemInfo 153->168 154->153 155->153 161 42acf2-42ad06 155->161 156->151 162 40e527-40e537 156->162 159 42acb2-42acba 157->159 160 42aca9-42acad 157->160 159->151 160->151 164 42ad08-42ad0c 161->164 165 42ad0e 161->165 166 42acbf-42acc7 162->166 167 40e53d 162->167 164->153 165->153 166->151 167->151 172 42ad38-42ad3d GetSystemInfo 168->172 169->170 179 40e575 169->179 170->172 173 40e5ae-40e5c3 call 40eee0 170->173 173->168 178 40e5c9-40e5db call 40eea0 GetNativeSystemInfo 173->178 182 40e5e0-40e5ef 178->182 183 40e5dd-40e5de FreeLibrary 178->183 179->170 184 40e5f1-40e5f2 FreeLibrary 182->184 185 40e5f4-40e5ff 182->185 183->182 184->185
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetVersionExW.KERNEL32 ref: 0040E495
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0040E5DE
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0040E5F2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_wcslen
                                                                                                                                                                                                                        • String ID: pMH$#v
                                                                                                                                                                                                                        • API String ID: 2923339712-1800489730
                                                                                                                                                                                                                        • Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                                                                                                                                                                                                                        • Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB
                                                                                                                                                                                                                        Function 0040EB70 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: IsThemeActive$uxtheme.dll
                                                                                                                                                                                                                        • API String ID: 2574300362-3542929980
                                                                                                                                                                                                                        • Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                                                                                                                                                                        • Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28
                                                                                                                                                                                                                        Function 00410B90 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 167registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00410C61
                                                                                                                                                                                                                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                        • _wcsncat.LIBCMT ref: 00410C78
                                                                                                                                                                                                                        • __wmakepath.LIBCMT ref: 00410C94
                                                                                                                                                                                                                          • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00410CCC
                                                                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32 ref: 00429BE4
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00429C43
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00429C55
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00429C66
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00429C80
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00429CC0
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00429CDE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscat_wcslen$CloseException@8FileModuleNameOpenQueryThrowValue__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\
                                                                                                                                                                                                                        • API String ID: 1004883554-2276155026
                                                                                                                                                                                                                        • Opcode ID: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                                                                                                                                                                                                                        • Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A
                                                                                                                                                                                                                        Function 004523CE Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 145COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __fread_nolock$_fseek_wcscpy
                                                                                                                                                                                                                        • String ID: FILE
                                                                                                                                                                                                                        • API String ID: 3888824918-3121273764
                                                                                                                                                                                                                        • Opcode ID: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
                                                                                                                                                                                                                        • Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA
                                                                                                                                                                                                                        Function 004102F0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetSysColorBrush.USER32 ref: 00410326
                                                                                                                                                                                                                        • RegisterClassExW.USER32 ref: 00410359
                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                                                                                                                        • InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                                                                                                                        • LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(00981948,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                        • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                        • Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                                                                                                                                                                        • Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A
                                                                                                                                                                                                                        Function 004101F0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 74windowregistryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                                                                                                                        • LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                                                                                                                        • LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                                                                                                                        • LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                                                                                                                        • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                                                                                                                        • RegisterClassExW.USER32 ref: 004102C6
                                                                                                                                                                                                                          • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
                                                                                                                                                                                                                          • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
                                                                                                                                                                                                                          • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                                                                                                                          • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                                                                                                                          • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                                                                                                                          • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                                                                                                                          • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00981948,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                        • String ID: #$0$PGH
                                                                                                                                                                                                                        • API String ID: 423443420-3673556320
                                                                                                                                                                                                                        • Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                                                                                                                        • Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99
                                                                                                                                                                                                                        Function 00452574 Relevance: 13.7, APIs: 9, Instructions: 171COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _fseek.LIBCMT ref: 004525DA
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                                                                                                                                                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                                                                                                                                                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452618
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452629
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452644
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452661
                                                                                                                                                                                                                        • _fseek.LIBCMT ref: 0045267D
                                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00452689
                                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00452696
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 004526A7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __fread_nolock$_fseek_malloc_wcscpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1911931848-0
                                                                                                                                                                                                                        • Opcode ID: 07c7d1d11592908342a612a25e8a5e33943486726a22accfdf27b608027379a0
                                                                                                                                                                                                                        • Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07c7d1d11592908342a612a25e8a5e33943486726a22accfdf27b608027379a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A
                                                                                                                                                                                                                        Function 0040F450 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 126COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 228 40f450-40f45c call 425210 231 40f460-40f478 228->231 231->231 232 40f47a-40f4a8 call 413990 call 410f70 231->232 237 40f4b0-40f4d1 call 4151b0 232->237 240 40f531 237->240 241 40f4d3-40f4da 237->241 244 40f536-40f540 240->244 242 40f4dc-40f4de 241->242 243 40f4fd-40f517 call 41557c 241->243 245 40f4e0-40f4e2 242->245 248 40f51c-40f51f 243->248 247 40f4e6-40f4ed 245->247 249 40f521-40f52c 247->249 250 40f4ef-40f4f2 247->250 248->237 253 40f543-40f54e 249->253 254 40f52e-40f52f 249->254 251 42937a-4293a0 call 41557c call 4151b0 250->251 252 40f4f8-40f4fb 250->252 265 4293a5-4293c3 call 4151d0 251->265 252->243 252->245 255 40f550-40f553 253->255 256 40f555-40f560 253->256 254->250 255->250 258 429372 256->258 259 40f566-40f571 256->259 258->251 261 429361-429367 259->261 262 40f577-40f57a 259->262 261->247 264 42936d 261->264 262->250 264->258 265->244
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __fread_nolock_fseek_strcat
                                                                                                                                                                                                                        • String ID: AU3!$EA06
                                                                                                                                                                                                                        • API String ID: 3818483258-2658333250
                                                                                                                                                                                                                        • Opcode ID: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
                                                                                                                                                                                                                        • Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B
                                                                                                                                                                                                                        Function 00410130 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 268 410130-410142 SHGetMalloc 269 410148-410158 SHGetDesktopFolder 268->269 270 42944f-429459 call 411691 268->270 271 4101d1-4101e0 269->271 272 41015a-410188 call 411691 269->272 271->270 278 4101e6-4101ee 271->278 280 4101c5-4101ce 272->280 281 41018a-4101a1 SHGetPathFromIDListW 272->281 280->271 282 4101a3-4101b1 call 411691 281->282 283 4101b4-4101c0 281->283 282->283 283->280
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscpy$DesktopFolderFromListMallocPath
                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe
                                                                                                                                                                                                                        • API String ID: 192938534-325072773
                                                                                                                                                                                                                        • Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                                                                                                                                                                                                                        • Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6
                                                                                                                                                                                                                        Function 04031750 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 286 4031750-40317fe call 402f180 289 4031805-403182b call 4032660 CreateFileW 286->289 292 4031832-4031842 289->292 293 403182d 289->293 298 4031844 292->298 299 4031849-4031863 VirtualAlloc 292->299 294 403197d-4031981 293->294 296 40319c3-40319c6 294->296 297 4031983-4031987 294->297 300 40319c9-40319d0 296->300 301 4031993-4031997 297->301 302 4031989-403198c 297->302 298->294 305 4031865 299->305 306 403186a-4031881 ReadFile 299->306 307 40319d2-40319dd 300->307 308 4031a25-4031a3a 300->308 303 40319a7-40319ab 301->303 304 4031999-40319a3 301->304 302->301 311 40319bb 303->311 312 40319ad-40319b7 303->312 304->303 305->294 313 4031883 306->313 314 4031888-40318c8 VirtualAlloc 306->314 315 40319e1-40319ed 307->315 316 40319df 307->316 309 4031a4a-4031a52 308->309 310 4031a3c-4031a47 VirtualFree 308->310 310->309 311->296 312->311 313->294 317 40318ca 314->317 318 40318cf-40318ea call 40328b0 314->318 319 4031a01-4031a0d 315->319 320 40319ef-40319ff 315->320 316->308 317->294 326 40318f5-40318ff 318->326 321 4031a1a-4031a20 319->321 322 4031a0f-4031a18 319->322 324 4031a23 320->324 321->324 322->324 324->300 327 4031932-4031946 call 40326c0 326->327 328 4031901-4031930 call 40328b0 326->328 334 403194a-403194e 327->334 335 4031948 327->335 328->326 336 4031950-4031954 CloseHandle 334->336 337 403195a-403195e 334->337 335->294 336->337 338 4031960-403196b VirtualFree 337->338 339 403196e-4031977 337->339 338->339 339->289 339->294
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 04031821
                                                                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 04031A47
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateFileFreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 204039940-0
                                                                                                                                                                                                                        • Opcode ID: e364f936384ad5a75a3e6820b612275e2b186d73597ef444eab7978b091760cf
                                                                                                                                                                                                                        • Instruction ID: 08b8c0fc23ed2688dfa2e1de0c3e8df8be5f19933177e33a8a2086af338ce08c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e364f936384ad5a75a3e6820b612275e2b186d73597ef444eab7978b091760cf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45A12A74E00209EBDB14CFA4C994BEEBBB9FF48306F208559E501BB280D775AA41CF95
                                                                                                                                                                                                                        Function 00414F10 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 340 414f10-414f2c 341 414f4f 340->341 342 414f2e-414f31 340->342 343 414f51-414f55 341->343 342->341 344 414f33-414f35 342->344 345 414f37-414f46 call 417f23 344->345 346 414f56-414f5b 344->346 354 414f47-414f4c call 417ebb 345->354 347 414f6a-414f6d 346->347 348 414f5d-414f68 346->348 352 414f7a-414f7c 347->352 353 414f6f-414f77 call 4131f0 347->353 348->347 351 414f8b-414f9e 348->351 357 414fa0-414fa6 351->357 358 414fa8 351->358 352->345 356 414f7e-414f89 352->356 353->352 354->341 356->345 356->351 359 414faf-414fb1 357->359 358->359 362 4150a1-4150a4 359->362 363 414fb7-414fbe 359->363 362->343 365 414fc0-414fc5 363->365 366 415004-415007 363->366 365->366 367 414fc7 365->367 368 415071-415072 call 41e6b1 366->368 369 415009-41500d 366->369 370 415102 367->370 371 414fcd-414fd1 367->371 380 415077-41507b 368->380 373 41500f-415018 369->373 374 41502e-415035 369->374 375 415106-41510f 370->375 378 414fd3 371->378 379 414fd5-414fd8 371->379 381 415023-415028 373->381 382 41501a-415021 373->382 376 415037 374->376 377 415039-41503c 374->377 375->343 376->377 384 415042-41504e call 41453a call 41ed9e 377->384 385 4150d5-4150d9 377->385 378->379 386 4150a9-4150af 379->386 387 414fde-414fff call 41ee9b 379->387 380->375 388 415081-415085 380->388 383 41502a-41502c 381->383 382->383 383->377 408 415053-415058 384->408 393 4150eb-4150fd call 417f23 385->393 394 4150db-4150e8 call 4131f0 385->394 389 4150b1-4150bd call 4131f0 386->389 390 4150c0-4150d0 call 417f23 386->390 396 415099-41509b 387->396 388->385 395 415087-415096 388->395 389->390 390->354 393->354 394->393 395->396 396->362 396->363 409 415114-415118 408->409 410 41505e-415061 408->410 409->375 410->370 411 415067-41506f 410->411 411->396
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3886058894-0
                                                                                                                                                                                                                        • Opcode ID: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
                                                                                                                                                                                                                        • Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99
                                                                                                                                                                                                                        Function 00401BE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00401C62
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00401CA1
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00401CBD
                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: IconLoadNotifyShell_String_memset_wcscpy_wcslen_wcsncpy
                                                                                                                                                                                                                        • String ID: Line:
                                                                                                                                                                                                                        • API String ID: 1620655955-1585850449
                                                                                                                                                                                                                        • Opcode ID: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                                                                                                                        • Instruction ID: a4e7cf3abc31881c2b93aaae0beefbbd48c64772eea77d32b53e92a0700a02c6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7431D47151C301ABD324EB11DC41BDB77E8AF94314F04493FF989521A1DB78AA49C79B
                                                                                                                                                                                                                        Function 004103E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 445 4103e0-410461 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$CreateShow
                                                                                                                                                                                                                        • String ID: AutoIt v3$edit
                                                                                                                                                                                                                        • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                        • Opcode ID: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                                                                                                                        • Instruction ID: daa3d4afae2654ee996124117597f48fa5c574a0ac4b96d00400a8ba476d7f73
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3F0A975BE4310BAF6609754AC43F592B59A765F00F3445ABB700BF1D0D6E478408B9C
                                                                                                                                                                                                                        Function 04031530 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 141fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 446 4031530-4031650 call 402f180 call 4031420 CreateFileW 453 4031652 446->453 454 4031657-4031667 446->454 455 4031707-403170c 453->455 457 4031669 454->457 458 403166e-4031688 VirtualAlloc 454->458 457->455 459 403168a 458->459 460 403168c-40316a3 ReadFile 458->460 459->455 461 40316a7-40316e1 call 4031460 call 4030420 460->461 462 40316a5 460->462 467 40316e3-40316f8 call 40314b0 461->467 468 40316fd-4031705 ExitProcess 461->468 462->455 467->468 468->455
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 04031420: Sleep.KERNELBASE(000001F4), ref: 04031431
                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04031646
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateFileSleep
                                                                                                                                                                                                                        • String ID: E14NQJ19LL7
                                                                                                                                                                                                                        • API String ID: 2694422964-2744226032
                                                                                                                                                                                                                        • Opcode ID: 9d9f28716cf30c9a18a6a81b760ba3ceb7e5c88554e4c1bc0a8773a452a0c4f7
                                                                                                                                                                                                                        • Instruction ID: 212b04f4b371c2ade56965733fc782491cd4b7ebe5ca818f7720199be85aa504
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d9f28716cf30c9a18a6a81b760ba3ceb7e5c88554e4c1bc0a8773a452a0c4f7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A519F30E04249EBEF11DBE4C854BEEBB79AF08305F004199E608BB2C0D7791B45CBA5
                                                                                                                                                                                                                        Function 00413A88 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 470 413a88-413a99 call 41718c 473 413b10-413b15 call 4171d1 470->473 474 413a9b-413aa2 470->474 475 413aa4-413abc call 418407 call 419f6d 474->475 476 413ae7 474->476 488 413ac7-413ad7 call 413ade 475->488 489 413abe-413ac6 call 419f9d 475->489 480 413ae8-413af8 RtlFreeHeap 476->480 480->473 482 413afa-413b0f call 417f23 GetLastError call 417ee1 480->482 482->473 488->473 495 413ad9-413adc 488->495 489->488 495->480
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __lock.LIBCMT ref: 00413AA6
                                                                                                                                                                                                                          • Part of subcall function 00418407: __mtinitlocknum.LIBCMT ref: 0041841D
                                                                                                                                                                                                                          • Part of subcall function 00418407: __amsg_exit.LIBCMT ref: 00418429
                                                                                                                                                                                                                          • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
                                                                                                                                                                                                                        • ___sbh_find_block.LIBCMT ref: 00413AB1
                                                                                                                                                                                                                        • ___sbh_free_block.LIBCMT ref: 00413AC0
                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2714421763-0
                                                                                                                                                                                                                        • Opcode ID: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
                                                                                                                                                                                                                        • Instruction ID: 54fb22c17cbd059cfb8714ef359fce415cc636064f476ff80f42ef981757bf49
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7401A731A08301BADF206F71AC09BDF3B64AF00759F10052FF544A6182DB7D9AC19B9C
                                                                                                                                                                                                                        Function 004734B7 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 234COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: #v
                                                                                                                                                                                                                        • API String ID: 0-554117064
                                                                                                                                                                                                                        • Opcode ID: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                                                                                                                        • Instruction ID: a1f682be926937ece900e9fcc50ccc13891f43ead78ba7c6857800eee9f0599c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC81D2756043009FC310EF65C985B6AB7E4EF84315F008D2EF988AB392D779E909CB96
                                                                                                                                                                                                                        Function 0040F5E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
                                                                                                                                                                                                                          • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0040F5A3
                                                                                                                                                                                                                          • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,-00000010,00000001,?,?,?,?), ref: 0040F5CC
                                                                                                                                                                                                                        • _strcat.LIBCMT ref: 0040F603
                                                                                                                                                                                                                          • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
                                                                                                                                                                                                                          • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$_memset_strcat_strlen_wcslen
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 1194219731-2761332787
                                                                                                                                                                                                                        • Opcode ID: ee47fd20779ff5886c3c730aa44a1efa7791f275b5868e90dcef310a8da63108
                                                                                                                                                                                                                        • Instruction ID: 1fd31f67f6889806bd2ce24d6488871f5ee50ddf162d20410a363c4a19aba518
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee47fd20779ff5886c3c730aa44a1efa7791f275b5868e90dcef310a8da63108
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 022158B260825067C724EF7A9C8266EF7D8AF85308F148C3FF554D2282F638D555879A
                                                                                                                                                                                                                        Function 04030420 Relevance: 6.7, APIs: 4, Instructions: 720processthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 04030BDB
                                                                                                                                                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04030C71
                                                                                                                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04030C93
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2438371351-0
                                                                                                                                                                                                                        • Opcode ID: a5f8eca76df1c4d60a387bf050efe929c827b8bdc82418feca4108ede207e1c1
                                                                                                                                                                                                                        • Instruction ID: 5a47829ad8509a058a77cc05d997f7b0fca6693119f9ebf5914e90a149fbd993
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5f8eca76df1c4d60a387bf050efe929c827b8bdc82418feca4108ede207e1c1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F620C30A15218DBEB24CFA4C850BDEB776EF58301F1091A9E10DFB294E775AE81CB59
                                                                                                                                                                                                                        Function 0040E1E0 Relevance: 6.1, APIs: 4, Instructions: 82windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0040E202
                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: IconNotifyShell__memset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 928536360-0
                                                                                                                                                                                                                        • Opcode ID: 27b28fb85d639681eb8fd2a3c2bcd9dc0bb82ef5f5c365fc5a47124cd6911170
                                                                                                                                                                                                                        • Instruction ID: 9c6d99eda8392314e00a4319cd3b9f491a6d528882fc0aac3328a2d60ab56ec1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27b28fb85d639681eb8fd2a3c2bcd9dc0bb82ef5f5c365fc5a47124cd6911170
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC318170608701DFD320DF25D845B97BBF8BB45304F00486EE99A93380E778A958CF5A
                                                                                                                                                                                                                        Function 0041171A Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                          • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                                                                                                                                                          • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                                                                                                                                                          • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                                                                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1411284514-0
                                                                                                                                                                                                                        • Opcode ID: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                                                                                                                        • Instruction ID: c554e94cc15d94fff19a40754e7570613bf3612ee9c26c673f8185df9075a277
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6FF0E23550060A66CF08B723EC06ADE3B649F11798B10403BFA20552F2DF6DADC9865C
                                                                                                                                                                                                                        Function 0040F110 Relevance: 4.5, APIs: 3, Instructions: 32registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
                                                                                                                                                                                                                        • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
                                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3677997916-0
                                                                                                                                                                                                                        • Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                                                                                                                                                                                                                        • Instruction ID: 6acd5c45b0bc896a902747136fbadff1bb775023c46fd22fba7b324c5144c726
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
                                                                                                                                                                                                                        Function 0043526E Relevance: 4.5, APIs: 3, Instructions: 26COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00435278
                                                                                                                                                                                                                          • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                                                                                                                                                          • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                                                                                                                                                          • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00435288
                                                                                                                                                                                                                        • _malloc.LIBCMT ref: 00435298
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 680241177-0
                                                                                                                                                                                                                        • Opcode ID: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
                                                                                                                                                                                                                        • Instruction ID: 30b75876ff52ae1c35022de4a6700901ba1db26c97f4d16f7fcf584af9a5a73f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5F0A0B1500F0046E660AB3198457C7A2E09B14307F00186FB6855618ADA7C69C4CEAC
                                                                                                                                                                                                                        Function 00401B70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: @EXITCODE
                                                                                                                                                                                                                        • API String ID: 580348202-3436989551
                                                                                                                                                                                                                        • Opcode ID: 48d001a4b96ee351bc7679959485890c1c6d832d60c6cde5ea273d4c8ab31dfe
                                                                                                                                                                                                                        • Instruction ID: 288ad252d7dad0c090ff8240dee62855692e698d70424b42c0a66861a7771545
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48d001a4b96ee351bc7679959485890c1c6d832d60c6cde5ea273d4c8ab31dfe
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73F06DF2A002025BD7649B35DC0276776E4AB44704F18C83EE14AC7791F6BDE8829B15
                                                                                                                                                                                                                        Function 0040EFE0 Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 0040F00A
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 004299D9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                        • Opcode ID: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                                                                                                                        • Instruction ID: 855a981e3d87b0586b227f36a287a9e63fe5cd358b5bfab8de368ff291d46a89
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67011D703803107AF2311F28AD5BF5632546B44B24F244B39FBD5BE2E2D2F86885970C
                                                                                                                                                                                                                        Function 0041511A Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __lock_file_memset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 26237723-0
                                                                                                                                                                                                                        • Opcode ID: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                                                                                                                                                                                                                        • Instruction ID: c8a12bf2a45d0ac11074f8cac28b928f9e20b60047ac9024d749846706a082ab
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32012971C00609FBCF22AF65DC029DF3B31AF44714F04815BF82416261D7798AA2DF99
                                                                                                                                                                                                                        Function 00414E94 Relevance: 3.0, APIs: 2, Instructions: 39COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                        • __lock_file.LIBCMT ref: 00414EE4
                                                                                                                                                                                                                          • Part of subcall function 00415965: __lock.LIBCMT ref: 0041598A
                                                                                                                                                                                                                        • __fclose_nolock.LIBCMT ref: 00414EEE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 717694121-0
                                                                                                                                                                                                                        • Opcode ID: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
                                                                                                                                                                                                                        • Instruction ID: 225a509e04b880138f2478077c57af59103cae2c072c29012e7845c0956b1514
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEF06270D0470499C721BB6A9802ADE7AB0AFC1338F21864FE479A72D1C77C46C29F5D
                                                                                                                                                                                                                        Function 0403041D Relevance: 1.9, APIs: 1, Instructions: 400processthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 04030BDB
                                                                                                                                                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04030C71
                                                                                                                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04030C93
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2438371351-0
                                                                                                                                                                                                                        • Opcode ID: 6ff7500a3617197a005732162d507dd4d37460c8dcbf147a4ae2be43d63b6423
                                                                                                                                                                                                                        • Instruction ID: 0501c073a4161cacdaafa83f0d927d2cff44021c1581283024482b6003cddbf8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ff7500a3617197a005732162d507dd4d37460c8dcbf147a4ae2be43d63b6423
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A12FF20E24658C6EB24DF60D8507DEB232EF68301F1090E9910DEB7A5E77A5F81CF5A
                                                                                                                                                                                                                        Function 00410D40 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                        • Instruction ID: fb1d736feddc8336b94c661b4f3a99b04f66f7614ca83ae43ac4a02a862e88ab
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1331D574A00105DFC718DF99E490AAAFBA6FB49304B2486A6E409CB751D774EDC1CBC5
                                                                                                                                                                                                                        Function 004092C0 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 0d8ad4d875158e0120ed104e09085659f42b86f6d600f5d33fa38308f41241bf
                                                                                                                                                                                                                        • Instruction ID: 573dba848690e0cdfd4c9be45b5663ff9194aa529e9341154cf92adfcd841cf8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d8ad4d875158e0120ed104e09085659f42b86f6d600f5d33fa38308f41241bf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E11C374200200ABC7249FAAD8D5F2A73A5AF45304B244C6FE845E7392D73CEC81EB5E
                                                                                                                                                                                                                        Function 00401108 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProcWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 181713994-0
                                                                                                                                                                                                                        • Opcode ID: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                                                                                                                                                                        • Instruction ID: 72bdf1ad184d721e15e17473fba0dc1faec6c1a9a9d1f3fcb71c15abd8c9f185
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDF05436700118A7DF38995CE89ACFF632AD7ED350F418227FD152B3A6813C5C41966E
                                                                                                                                                                                                                        Function 0041AA31 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                                                                        • Opcode ID: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                                                                                                                                                                                                                        • Instruction ID: 99ddfbee892492b32903703907324a593b21f4d4a70cf9c354be63060b8faba1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56D05E325543449EDF009F71AC087663FDCE788395F008836BC1CC6150E778C950CA08
                                                                                                                                                                                                                        Function 00444343 Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
                                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$PointerWrite
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 539440098-0
                                                                                                                                                                                                                        • Opcode ID: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                                                                                                                                                                                                                        • Instruction ID: 4a339a6eb5dfef6003722c1615037f540bc53d76d7f4c43935d02bdd90bbdfc9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CE09275104311AFD250DF54D944F9BB3F8AF88714F108D0EF59587241D7B4A9848BA6
                                                                                                                                                                                                                        Function 0040116E Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProcWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 181713994-0
                                                                                                                                                                                                                        • Opcode ID: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                                                                                                                                                                        • Instruction ID: 4c36cba44089d0e03573cc5e8dee84df23505be31ebc2729507753268ee0d302
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3C08C72100008BB8700DE04EC44CFBB72CEBD8310700C20BBC0586201C230885097A1
                                                                                                                                                                                                                        Function 00414E06 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wfsopen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 197181222-0
                                                                                                                                                                                                                        • Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                                                                                                                                                                        • Instruction ID: 6225ca515e7db1e5d7746fb8cf1e0ad45b41b4d1817cc5a1d8a93eb941133566
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EDC09B7644010C77CF122943FC02E453F1997C0764F044011FB1C1D561D577D5619589
                                                                                                                                                                                                                        Function 0040D900 Relevance: 1.3, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(00000000,?,0040DF8E), ref: 0040D91D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                        • Opcode ID: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                                                                                                                        • Instruction ID: 397672216df932ca6c22f29d52987cd2165f63c791f69eb8015935d900cfb6d9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16E0DEB5900B019EC7318F6AE544416FBF8AEE46213248E2FD4E6D2A64D3B4A5898F54
                                                                                                                                                                                                                        Function 0403141C Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Sleep.KERNELBASE(000001F4), ref: 04031431
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                                                                        • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                                                                                                                                                                        • Instruction ID: 8cea9651b3251361c370dc060aa930d96af628b3417c932310ad4863da7a60f2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19E0BF7494010DEFDB00EFA4D5496DE7FB4EF04302F1045A1FD05E7680DB309E548A62
                                                                                                                                                                                                                        Function 04031420 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Sleep.KERNELBASE(000001F4), ref: 04031431
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                                                                        • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                                                                                                                        • Instruction ID: 11add56087132d077f4aadfd2b01c61080de12d0c8bbd2f5b77a4e4655b3d581
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89E0E67494010DDFDB00EFB4D54969E7FB4EF04302F104561FD01E2280DA309D508A62

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 0047C08E Relevance: 74.2, APIs: 40, Strings: 2, Instructions: 676windowkeyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 0047C1A4
                                                                                                                                                                                                                        • GetKeyState.USER32(00000009), ref: 0047C1AD
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
                                                                                                                                                                                                                        • GetKeyState.USER32(00000010), ref: 0047C1CA
                                                                                                                                                                                                                        • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
                                                                                                                                                                                                                        • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
                                                                                                                                                                                                                        • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 0047C2FB
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$State$LongProcWindow
                                                                                                                                                                                                                        • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                        • API String ID: 1562745308-4164748364
                                                                                                                                                                                                                        • Opcode ID: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                                                                                                                                                                        • Instruction ID: f40edf6d5039c675f00343e7880f865f139be9e64e9b8d530a61de5f06f6045f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6429F702042019FD714CF54C884FAB77A5EB89B04F548A6EFA48AB291DBB4EC45CB5A
                                                                                                                                                                                                                        Function 004045E0 Relevance: 46.9, Strings: 35, Instructions: 3193COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: PF$'|G$*"D$*vG$+%F$0wE$2G$5CG$7eF$<HF$<G$ApG$DvE$GSG$IqE$K@G$LbF$MdF$NgF$PIF$YtG$^[F$_?G$b"D$i}G$j)F$kQG$lE$rTG$vjE$}eE$*F$3G$_G$wG
                                                                                                                                                                                                                        • API String ID: 0-3772701627
                                                                                                                                                                                                                        • Opcode ID: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                                                                                                                                                                        • Instruction ID: b1e67458769bbea4a86cd8903524db5b6e79558e2e7ab8c51025fc7bd56032a7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 118366F1905B409FC351DFAAF984605BAE1F3AA3157A2857FC5088B731D7B8194A8F4C
                                                                                                                                                                                                                        Function 004375B0 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 126threadkeyboardwindowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
                                                                                                                                                                                                                        • IsIconic.USER32(?), ref: 004375E1
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 004375FD
                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00437619
                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00437645
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 0043765D
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00437674
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 0043768B
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 004376A2
                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 004376AD
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                        • API String ID: 3778422247-2988720461
                                                                                                                                                                                                                        • Opcode ID: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                                                                                                                                                                        • Instruction ID: 6108fbe056c1a000d5481f33e03d330ccc862392245923d3170deea12ea07584
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC31A4712803157FE6245BA59D0EF7F3F9CEB48B51F10082EFA02EA1D1DAE458009B79
                                                                                                                                                                                                                        Function 004461ED Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 227processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0044621B
                                                                                                                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
                                                                                                                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
                                                                                                                                                                                                                        • GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
                                                                                                                                                                                                                        • SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
                                                                                                                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0044639E
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 004463C7
                                                                                                                                                                                                                        • LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
                                                                                                                                                                                                                        • CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
                                                                                                                                                                                                                        • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
                                                                                                                                                                                                                        • UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
                                                                                                                                                                                                                        • CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
                                                                                                                                                                                                                        • CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
                                                                                                                                                                                                                        • SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
                                                                                                                                                                                                                        • DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
                                                                                                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                                                                                                        • API String ID: 2173856841-1027155976
                                                                                                                                                                                                                        • Opcode ID: dd3fbc5dfca59238d4d8e810ac2ec3cbfbbbad9087bbfadb14fa7de528d26857
                                                                                                                                                                                                                        • Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd3fbc5dfca59238d4d8e810ac2ec3cbfbbbad9087bbfadb14fa7de528d26857
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
                                                                                                                                                                                                                        Function 00409A40 Relevance: 32.2, APIs: 15, Strings: 2, Instructions: 2432COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00409A61
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: 0vH$4RH
                                                                                                                                                                                                                        • API String ID: 1143807570-2085553193
                                                                                                                                                                                                                        • Opcode ID: d063c81b6d46c843951d1fcf39b71a3da1da6362537048d5aa5123afb1fc8170
                                                                                                                                                                                                                        • Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d063c81b6d46c843951d1fcf39b71a3da1da6362537048d5aa5123afb1fc8170
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B
                                                                                                                                                                                                                        Function 0044BD29 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 178filestringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,?,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,004A8E80,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,0040F3D2), ref: 0040FFCA
                                                                                                                                                                                                                          • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
                                                                                                                                                                                                                          • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
                                                                                                                                                                                                                          • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
                                                                                                                                                                                                                          • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0044BD96
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0044BDBF
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 0044BDEC
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 0044BE73
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0044BE85
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0044BE97
                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 0044BED5
                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0044BEF5
                                                                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 0044BF17
                                                                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0044BF35
                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0044BF51
                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0044BF7E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                        • API String ID: 2188072990-1173974218
                                                                                                                                                                                                                        • Opcode ID: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
                                                                                                                                                                                                                        • Instruction ID: 14f7055b3521afb04026f42b490306401b0ba37f80ed0ea0ca267746d8cc4687
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA5166B2008344AAD720DBA4DC44FDF73E8AB85314F448D1EF68982141EB79D64CCBAA
                                                                                                                                                                                                                        Function 0042039F Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 282timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __invoke_watson.LIBCMT ref: 004203A4
                                                                                                                                                                                                                          • Part of subcall function 00417D93: _memset.LIBCMT ref: 00417DBB
                                                                                                                                                                                                                          • Part of subcall function 00417D93: IsDebuggerPresent.KERNEL32(?,?,00000314), ref: 00417E6F
                                                                                                                                                                                                                          • Part of subcall function 00417D93: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000314), ref: 00417E79
                                                                                                                                                                                                                          • Part of subcall function 00417D93: UnhandledExceptionFilter.KERNEL32(?,?,?,00000314), ref: 00417E86
                                                                                                                                                                                                                          • Part of subcall function 00417D93: GetCurrentProcess.KERNEL32(C0000417,?,?,00000314), ref: 00417EA1
                                                                                                                                                                                                                          • Part of subcall function 00417D93: TerminateProcess.KERNEL32(00000000,?,?,00000314), ref: 00417EA8
                                                                                                                                                                                                                        • __get_daylight.LIBCMT ref: 004203B0
                                                                                                                                                                                                                        • __invoke_watson.LIBCMT ref: 004203BF
                                                                                                                                                                                                                        • __get_daylight.LIBCMT ref: 004203CB
                                                                                                                                                                                                                        • __invoke_watson.LIBCMT ref: 004203DA
                                                                                                                                                                                                                        • ____lc_codepage_func.LIBCMT ref: 004203E2
                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 00420442
                                                                                                                                                                                                                        • __malloc_crt.LIBCMT ref: 00420449
                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 0042045F
                                                                                                                                                                                                                        • _strcpy_s.LIBCMT ref: 0042046D
                                                                                                                                                                                                                        • __invoke_watson.LIBCMT ref: 00420482
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(00496C28), ref: 004204AA
                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,00496C2C,?,?,0000003F,?,?), ref: 00420528
                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,00496C80,000000FF,?,0000003F,?,?,?,00496C2C,?,?,0000003F,?,?), ref: 0042055C
                                                                                                                                                                                                                          • Part of subcall function 00413A88: __lock.LIBCMT ref: 00413AA6
                                                                                                                                                                                                                          • Part of subcall function 00413A88: ___sbh_find_block.LIBCMT ref: 00413AB1
                                                                                                                                                                                                                          • Part of subcall function 00413A88: ___sbh_free_block.LIBCMT ref: 00413AC0
                                                                                                                                                                                                                          • Part of subcall function 00413A88: RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                                                                                                                                                                          • Part of subcall function 00413A88: GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                                                                                                                                                                        • __invoke_watson.LIBCMT ref: 004205CC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __invoke_watson$ByteCharExceptionFilterMultiProcessUnhandledWide__get_daylight_strlen$CurrentDebuggerErrorFreeHeapInformationLastPresentTerminateTimeZone____lc_codepage_func___sbh_find_block___sbh_free_block__lock__malloc_crt_memset_strcpy_s
                                                                                                                                                                                                                        • String ID: S\
                                                                                                                                                                                                                        • API String ID: 4084823496-393906132
                                                                                                                                                                                                                        • Opcode ID: 9f641836eee9844fdb211255f71e21062b6006d1a88a71a8f5a1c928a585c03b
                                                                                                                                                                                                                        • Instruction ID: b357f19af7064e56bcdb8625987f67de7edc2332d57e558cb2e7b84f91b73af7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f641836eee9844fdb211255f71e21062b6006d1a88a71a8f5a1c928a585c03b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A91D371E00125AFDB20EF65EC819AE7BE9EF55300B95003BF540A7253DA3C89828F5C
                                                                                                                                                                                                                        Function 00434D50 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 114fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 00434D91
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00434D9B
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00434DB0
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00434DC5
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00434E27
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00434E3C
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00434E6F
                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00434EB4
                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00434ECE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen$CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                                                                                                                        • API String ID: 302090198-3457252023
                                                                                                                                                                                                                        • Opcode ID: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                                                                                                                                                                                                                        • Instruction ID: 730b2dca1b6b09bd6b76555d3316dee95f4818bcffb97f26f8f03165767cfd2f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30416676604340ABE330EB64DC49FEF73E8AFD8714F00891EF649921D1E7B4A645876A
                                                                                                                                                                                                                        Function 00464422 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 193threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00444233: _wcslen.LIBCMT ref: 0044424E
                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 004644B4
                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 004644C8
                                                                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
                                                                                                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                                                                                                        • API String ID: 1312810259-2896544425
                                                                                                                                                                                                                        • Opcode ID: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                                                                                                                                                                                                                        • Instruction ID: c3f5e6af55eb0da9fa74db60d4f5a84adac3a89a74612fbe59a223ef38337450
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E51A171200201AFD710DF65DD85F5BB7A8AB84704F10892EFB44DB2C1D7B8E844CBAA
                                                                                                                                                                                                                        Function 004037E0 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 359COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 004038B2
                                                                                                                                                                                                                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 004038C7
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 004038DC
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                          • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
                                                                                                                                                                                                                          • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 004039C2
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00403A53
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00403AAA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
                                                                                                                                                                                                                        • _, xrefs: 00403B48
                                                                                                                                                                                                                        • Error opening the file, xrefs: 0042B8AC
                                                                                                                                                                                                                        • Unterminated string, xrefs: 0042B9BA
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpy$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                                                                                                                        • API String ID: 4115725249-188983378
                                                                                                                                                                                                                        • Opcode ID: 9d3cc106af837a0ba3a302398e1680714f0cc5ac52ed53ec90940b3ab90f08f5
                                                                                                                                                                                                                        • Instruction ID: dca64db042171ec5605b2d10b6a92a42a2076cc25022adee7b8115af8a15fc96
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d3cc106af837a0ba3a302398e1680714f0cc5ac52ed53ec90940b3ab90f08f5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16D1D5B15083019AD710EF65C841AEB77E8AF95308F04492FF5C563292DB78DA49C7AB
                                                                                                                                                                                                                        Function 00434BEE Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 139fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00434C12
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00434C4F
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00434C88
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00434C9C
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00434D35
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00434D43
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                        • API String ID: 1409584000-438819550
                                                                                                                                                                                                                        • Opcode ID: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                                                                                                                                                                                                                        • Instruction ID: 399dbb17912f16e5170155dcc5475d9346bc7ba5aa4a4c8a0ea4d4714b2c7a66
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4141D8726042086BD710EF64DC45AEFB3A8AAC9311F14592FFD54C3280EB79E915C7B9
                                                                                                                                                                                                                        Function 00444078 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 94timesleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Timetime$Sleep
                                                                                                                                                                                                                        • String ID: BUTTON
                                                                                                                                                                                                                        • API String ID: 4176159691-3405671355
                                                                                                                                                                                                                        • Opcode ID: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
                                                                                                                                                                                                                        • Instruction ID: 32c89cc89acb3c111fc3cc5f781edb0c57d51ec263d79eeef99f8852f1a29925
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB21B7723843016BE330DB74FD4DF5A7B94A7A5B51F244876F600E6290D7A5D442876C
                                                                                                                                                                                                                        Function 00445DD3 Relevance: 18.2, APIs: 12, Instructions: 179COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
                                                                                                                                                                                                                          • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
                                                                                                                                                                                                                          • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
                                                                                                                                                                                                                          • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00445E61
                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00445E92
                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3490752873-0
                                                                                                                                                                                                                        • Opcode ID: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                                                                                                                                                                                                                        • Instruction ID: 491154c1e478dcf6c9ac3cbca3c2c9e2645d4ee7bbdc2abf5fae4ada557f6fe4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85519D71108301ABD610DF61CD84E6FB7E9AFC9B04F04491EFA869B242D778E909C76B
                                                                                                                                                                                                                        Function 0047A999 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 288comCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 0047AA03
                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
                                                                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0047AB7C
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0047AC68
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0047ACCD
                                                                                                                                                                                                                        • CoCreateInstanceEx.OLE32 ref: 0047AD06
                                                                                                                                                                                                                        • CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • NULL Pointer assignment, xrefs: 0047AD84
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateInitializeInstance_memset$BlanketFromProgProxySecurity_wcslen
                                                                                                                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                                                                                                                        • API String ID: 1588287285-2785691316
                                                                                                                                                                                                                        • Opcode ID: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                                                                                                                                                                                                                        • Instruction ID: 16786b45dbc5194aa398acfc0f0ff3b91b98a178c64a073a91da7f4e0cb75f58
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54B10DB15083409FD320EF65C881B9FB7E8BBC8744F108E2EF58997291D7759948CB66
                                                                                                                                                                                                                        Function 004364AA Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 79shutdownCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00436504
                                                                                                                                                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00436527
                                                                                                                                                                                                                        • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
                                                                                                                                                                                                                        • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                        • API String ID: 2938487562-3733053543
                                                                                                                                                                                                                        • Opcode ID: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                                                                                                                                                                                                                        • Instruction ID: b625d7910520021a286729d09db348b3c4b0b131b75d5259d4bd29649b467962
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E021D5B02803017FF7149B64DD4AF6B3398EB48B10F948829FE09852D2D6BDE844973D
                                                                                                                                                                                                                        Function 0043614F Relevance: 16.6, APIs: 11, Instructions: 103COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 00436162
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 00436176
                                                                                                                                                                                                                          • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00436185
                                                                                                                                                                                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
                                                                                                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 004361AE
                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 004361B5
                                                                                                                                                                                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
                                                                                                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 004361E4
                                                                                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 004361F0
                                                                                                                                                                                                                        • LockResource.KERNEL32(?), ref: 004361FD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll__woutput_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2406429042-0
                                                                                                                                                                                                                        • Opcode ID: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                                                                                                                        • Instruction ID: 79d88324f8a28cdfdddc37bd7103cac5134eefaeeaedb246b69d205017f9fa0d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82313432104210BFD700EF64ED88EAF77A9FB89304F00882BFA4196150E778D940CB68
                                                                                                                                                                                                                        Function 0045D517 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 91COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D522
                                                                                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0045D59D
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?), ref: 0045D629
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                        • API String ID: 4194297153-14809454
                                                                                                                                                                                                                        • Opcode ID: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
                                                                                                                                                                                                                        • Instruction ID: 49a1caac5541b587bc648ef7caa6256b54369420b38b3993b587487a6931f65b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA31AD75A083009FC310EF55D98090BB7E1AF89315F448D6FF94997362D778E9068B6A
                                                                                                                                                                                                                        Function 0047AD92 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 251comCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
                                                                                                                                                                                                                          • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 0047AE06
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0047AE18
                                                                                                                                                                                                                        • CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
                                                                                                                                                                                                                        • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CopyVariant$_wcslen$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcscpy
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 1915432386-2761332787
                                                                                                                                                                                                                        • Opcode ID: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                                                                                                                        • Instruction ID: 7e3b4e38c6064d991530b19baaff212313fd3e9d55f264e0ba959e8ba912c45c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C915C71604301ABD710EB65CC85F9BB3E8AFC8714F10892EF64597291EB78E909CB5A
                                                                                                                                                                                                                        Function 0044ED9A Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 448COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: DEFINE$`$h$h
                                                                                                                                                                                                                        • API String ID: 0-4194577831
                                                                                                                                                                                                                        • Opcode ID: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
                                                                                                                                                                                                                        • Instruction ID: b1cbab3e2140d6a963e4b85c5b61650905c2e88cbb7a9c7ccaf19de07e543520
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9802A1715083818FE725CF29C88076BBBE2BFD5304F28896EE89587342D779D849CB56
                                                                                                                                                                                                                        Function 0046483C Relevance: 10.6, APIs: 7, Instructions: 103networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000000), ref: 004648B0
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
                                                                                                                                                                                                                        • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648DA
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000005,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 0046492D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$bindclosesocketsocket
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2609815416-0
                                                                                                                                                                                                                        • Opcode ID: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                                                                                                                        • Instruction ID: d240999dee57073d64b91b26c15bb406cb7727aead8f71c00845428af50f987f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C731CB712002009BD710FF2ADC81B6BB3E8EF85724F144A5FF594A72D2D779AC85876A
                                                                                                                                                                                                                        Function 0043701F Relevance: 10.6, APIs: 7, Instructions: 76processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 004370A5
                                                                                                                                                                                                                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 004370BA
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 004370C8
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2547909840-0
                                                                                                                                                                                                                        • Opcode ID: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                                                                                                                                                                                                                        • Instruction ID: d866d71778569fbbd99b025f777f77cc3db9ba9c83dfb601fa45888e96c7797d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C21A7B20083819BD735DB55C881BEFB7E8BB99304F00491EF5C947241EB79A589CB6A
                                                                                                                                                                                                                        Function 00452126 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 127filesleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
                                                                                                                                                                                                                        • FindClose.KERNEL32(?,?,00000000), ref: 004522C3
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstNextSleep_wcslen
                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                        • API String ID: 2693929171-438819550
                                                                                                                                                                                                                        • Opcode ID: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                                                                                                                        • Instruction ID: e6452ff64139cddd5fd774ab19bf2199aa97b2a19dc0f7115334900b47d689b2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD419D756083409FC314DF25C984A9FB7E4BF86305F04491FF98993291DBB8E949CB5A
                                                                                                                                                                                                                        Function 0046C5D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69clipboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OpenClipboard.USER32(?), ref: 0046C635
                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0046C65D
                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0046C692
                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0046C866
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 589737431-2761332787
                                                                                                                                                                                                                        • Opcode ID: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
                                                                                                                                                                                                                        • Instruction ID: 5556deb4c8197336e1b92b5e2a85e957832ef7964462d916cb468ff193882e13
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7301F5762042005FC300AFB9ED45B6A7BA4EF59704F04097FF980A72C1EBB1E915C7AA
                                                                                                                                                                                                                        Function 00436431 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 0043643C
                                                                                                                                                                                                                        • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00436466
                                                                                                                                                                                                                        • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicollmouse_event
                                                                                                                                                                                                                        • String ID: DOWN
                                                                                                                                                                                                                        • API String ID: 1033544147-711622031
                                                                                                                                                                                                                        • Opcode ID: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
                                                                                                                                                                                                                        • Instruction ID: 8a73d33e481528181e274ae5662561dddcd8f7088196b39fde8242b6fe69d79f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75E0927558872039FC4036253C02FFB174CAB66796F018116FE00D1291EA586D865BBD
                                                                                                                                                                                                                        Function 004741BB Relevance: 7.6, APIs: 5, Instructions: 137networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 00474213
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00474233
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4170576061-0
                                                                                                                                                                                                                        • Opcode ID: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
                                                                                                                                                                                                                        • Instruction ID: 44a7e99483396e6262e636993c5e510db402c36a24f0b6146f21617b09e75fab
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6412C7164030067E720BB3A8C83F5A72D89F40728F144D5EF954BB2C3D6BAAD45475D
                                                                                                                                                                                                                        Function 00456354 Relevance: 7.6, APIs: 5, Instructions: 127keyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                                                                                                                                                                        • ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00456430
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AsyncState$ClientCursorLongScreenWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3539004672-0
                                                                                                                                                                                                                        • Opcode ID: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                                                                                                                                                                                                                        • Instruction ID: 0eacbf52c9ff4b21db6d2500407d28a57be55752a0539e191fb639d8ee6a043b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E416071108341ABD724DF55CD84EBBB7E9EF86725F540B0EB8A543281C734A848CB6A
                                                                                                                                                                                                                        Function 004772DE Relevance: 7.6, APIs: 5, Instructions: 67windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                        • IsWindowVisible.USER32 ref: 00477314
                                                                                                                                                                                                                        • IsWindowEnabled.USER32 ref: 00477324
                                                                                                                                                                                                                        • GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
                                                                                                                                                                                                                        • IsIconic.USER32 ref: 0047733F
                                                                                                                                                                                                                        • IsZoomed.USER32 ref: 0047734D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 292994002-0
                                                                                                                                                                                                                        • Opcode ID: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                                                                                                                                                                                                                        • Instruction ID: c753cb395bd8887e5e04db90522a3107d7308fd2cfa588f53a4db7a4177bc043
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 351172327041119BE3209B26DD05B9FB7A8AF91310F05882EFC49E7250D7B8EC42D7A9
                                                                                                                                                                                                                        Function 00436D2D Relevance: 7.6, APIs: 5, Instructions: 52filetimeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,76233220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                                                                                                                                                                                                                        • SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$CloseCreateHandleTime
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3397143404-0
                                                                                                                                                                                                                        • Opcode ID: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                                                                                                                        • Instruction ID: bce1a9391340f9688fe0750810cd2cb1b104417d8b3c1e96578cdf6de8724fbd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4F0C83634132077E5301A69AC8DFCF276CABDAB32F20452EF741A61C083D51445977D
                                                                                                                                                                                                                        Function 0044EBBC Relevance: 7.6, APIs: 1, Strings: 3, Instructions: 551COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                                                                        • String ID: ACCEPT$^$h
                                                                                                                                                                                                                        • API String ID: 909875538-4263704089
                                                                                                                                                                                                                        • Opcode ID: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
                                                                                                                                                                                                                        • Instruction ID: 72a2cba82410d8b1d90f72ff5cad5771b474d57714a55a9933f2c727144888ce
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE22A0746083818FE725CF29C48076BBBE2BFC9304F24896EE8D587351D779984ACB56
                                                                                                                                                                                                                        Function 0040D7F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _set_new_mode.LIBCMT ref: 0040D88C
                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D8B9
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0040D8CE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeInfoLibraryParametersSystem_set_new_mode
                                                                                                                                                                                                                        • String ID: #v
                                                                                                                                                                                                                        • API String ID: 1188159508-554117064
                                                                                                                                                                                                                        • Opcode ID: 06ca62d5f0ac41005a4bed089aefec56480100fd5cca74c1e28fe2d3c932602c
                                                                                                                                                                                                                        • Instruction ID: 2b4412acdce639bfbf0f9e0c9ecf3f694f94d165ded01d265c3c64edb54a61d9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06ca62d5f0ac41005a4bed089aefec56480100fd5cca74c1e28fe2d3c932602c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2215EB19183009FC700EF56D88150ABBE4FB98354F44497EF849A72A2D735A945CB9A
                                                                                                                                                                                                                        Function 00446566 Relevance: 5.9, Strings: 4, Instructions: 868COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU
                                                                                                                                                                                                                        • API String ID: 0-2165971703
                                                                                                                                                                                                                        • Opcode ID: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
                                                                                                                                                                                                                        • Instruction ID: 514654dd073cfe12bfc68f6c44a091d7a3824994b709b832431b3f3de6bbd106
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5562D3716087818BE734CF18C8807ABB7E1EBC6314F154A2FE49986390E779D949CB5B
                                                                                                                                                                                                                        Function 0045C999 Relevance: 4.6, APIs: 3, Instructions: 130fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3541575487-0
                                                                                                                                                                                                                        • Opcode ID: 14602e3ddb85434cb4a191148b4ac58dc13c9e22f939418703ff5d8e88b69fcb
                                                                                                                                                                                                                        • Instruction ID: 18858b47483a38653cd59612877c1399ad483e9f26b014a4aa46912757e3bc7b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14602e3ddb85434cb4a191148b4ac58dc13c9e22f939418703ff5d8e88b69fcb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC41CE756003009FC720EF79D880A9BB3E4FF89315F208A6EED698B391D775A844CB95
                                                                                                                                                                                                                        Function 00436ADE Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00436B13
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFind$AttributesCloseFirst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 48322524-0
                                                                                                                                                                                                                        • Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
                                                                                                                                                                                                                        • Instruction ID: 417b6d6de692ea6945bae3bf725251b28653fd5bce93257cef0f58e2a105c1b1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23E02236804418678600AB7CAC0C4EE779CDB0A335F100B96FE38C21D0D775A9408FEA
                                                                                                                                                                                                                        Function 00443390 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __time64.LIBCMT ref: 004433A2
                                                                                                                                                                                                                          • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                                                                                                                                                                                                                          • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                                                                                                                                                                                        • String ID: rJ
                                                                                                                                                                                                                        • API String ID: 2893107130-1865492326
                                                                                                                                                                                                                        • Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
                                                                                                                                                                                                                        • Instruction ID: ebc1a5536eae3429eadb0b33e849de59894c076497330b79c1ff8485d89898ec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B721A2336205108BF321CF36CC41652B7E7EBE0314F268A6AE4A5973C5CA797906CB98
                                                                                                                                                                                                                        Function 00443391 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __time64.LIBCMT ref: 004433A2
                                                                                                                                                                                                                          • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                                                                                                                                                                                                                          • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                                                                                                                                                                                        • String ID: rJ
                                                                                                                                                                                                                        • API String ID: 2893107130-1865492326
                                                                                                                                                                                                                        • Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
                                                                                                                                                                                                                        • Instruction ID: 4b4e0c3debee0a45c2bc781276f994e79ac96c452fb6cf924f1e6ade5adf298d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E82187336345108BF321CF36CC4165277E3EBE0314B258B6AD4A5973C5CA797906CB88
                                                                                                                                                                                                                        Function 0044289D Relevance: 3.1, APIs: 2, Instructions: 82networkfileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
                                                                                                                                                                                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
                                                                                                                                                                                                                          • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 901099227-0
                                                                                                                                                                                                                        • Opcode ID: c5651eff999419169b46b76971b5abcb261cf656e183e849eb3ab7268b4b60d7
                                                                                                                                                                                                                        • Instruction ID: 2c15810e60b1cb59304632cc8162977c32d0240baa2dcf3c2cd6ef22f942a6bb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c5651eff999419169b46b76971b5abcb261cf656e183e849eb3ab7268b4b60d7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 452174B12043016BF220EF56DD45FAFB3E8ABD4715F40492EF285A6180D7B8E949C76A
                                                                                                                                                                                                                        Function 0045DD7C Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0045DDDD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                        • Opcode ID: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
                                                                                                                                                                                                                        • Instruction ID: 3577cc1601137e614a3334ffa73c6d258275d41fe8d72aaca367a27ef3e2a016
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE11E5766002049FD710EF6ADC89A5AF7E5EF84325F10892EF958D7281CB75E8048B94
                                                                                                                                                                                                                        Function 0047CBF0 Relevance: 2.9, Strings: 2, Instructions: 418COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 0vH$HH
                                                                                                                                                                                                                        • API String ID: 0-728391547
                                                                                                                                                                                                                        • Opcode ID: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
                                                                                                                                                                                                                        • Instruction ID: 538a6706abcc28c04bdc151be30d2aa4e2083a8dfdfa6c30a7857f36827e6882
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60E1BE725143109FC310EF25C881A9FB7E5AFC4708F108D2EF589AB281D779E946CB9A
                                                                                                                                                                                                                        Function 0040F890 Relevance: 2.1, APIs: 1, Instructions: 589COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2102423945-0
                                                                                                                                                                                                                        • Opcode ID: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
                                                                                                                                                                                                                        • Instruction ID: fac722ae1e10b3ad9494cda40f9fb3e9e62b3c26aea04ddfc6562ea9d2065ebb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C512B4B7B983194FDB48DEE4DCC169573E1FB98304F09A43C9A15C7306F6E8AA094794
                                                                                                                                                                                                                        Function 0047E1FA Relevance: 2.0, APIs: 1, Instructions: 499COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Proc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2346855178-0
                                                                                                                                                                                                                        • Opcode ID: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                                                                                                                        • Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
                                                                                                                                                                                                                        Function 0045A259 Relevance: 1.5, APIs: 1, Instructions: 21keyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • BlockInput.USER32(00000001), ref: 0045A272
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BlockInput
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3456056419-0
                                                                                                                                                                                                                        • Opcode ID: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                                                                                                                        • Instruction ID: 5d782454ef4d0180448527013755d2523f66e5fc327f68786c1d80a86620ac83
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2E04F752043019BC700EF71C545A5BB7E4AF94314F108C6EF845A7351D775AC45CB66
                                                                                                                                                                                                                        Function 0043916A Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LogonUser
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1244722697-0
                                                                                                                                                                                                                        • Opcode ID: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                                                                                                                        • Instruction ID: 63114e5cfb2c4979e73f5d19eacf740c811f86df1a08bc2cb556a5e36cce81ff
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DD0ECB52686066FD204CB24D846E2B77E9A7C4701F008A0CB196D2280C670D805CA32
                                                                                                                                                                                                                        Function 004711D2 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: NameUser
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2645101109-0
                                                                                                                                                                                                                        • Opcode ID: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                                                                                                                                                                                                                        • Instruction ID: 8011c19b6c32d183c263453b2018abc548473ce9ed5616c99acac4896e71f792
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6E08C322083058FC310EF55F8405ABB390EB94311F004C3FE64AA2191DA79920EDFAB
                                                                                                                                                                                                                        Function 0042202E Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                        • Opcode ID: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                                                                                                                        • Instruction ID: 3275b40964251646410af8875a24301f93fa315c26af6adae0ca3d0f7a721f84
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD9002743511144A4A011BB16E5D90925D46A586067920875B411C4064DB9840019619
                                                                                                                                                                                                                        Function 00412C38 Relevance: .4, Instructions: 384COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                                                        • Instruction ID: b3f199f19983f506b623bfe7955a95149e6efe4e98ce3416cc40fa12ddcf4508
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46D19073C0A9B30A8735812D42582BFEE626FD578131EC3E29CD07F38AD26B5DA195D4
                                                                                                                                                                                                                        Function 00412818 Relevance: .4, Instructions: 378COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                                                        • Instruction ID: c47bdb3f9c9e38c5d46ddb9e43dedaf70276048770aeb58bd274f21c588a824b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CD19073D1A9B30A8735852D42581AFEE626FD578031EC3E2CCD07F38AD16B5DA191D4
                                                                                                                                                                                                                        Function 0041240C Relevance: .4, Instructions: 361COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                                                        • Instruction ID: ac15b8da1a4b082d71a0b082c8349c97121379a14580263daf363e6ab8f75410
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87C18173C0A9B30A8736812D42641AFEE626FD579031FC3E2CCD47F38A91AB5DA195D4
                                                                                                                                                                                                                        Function 00412038 Relevance: .4, Instructions: 351COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                                                                                        • Instruction ID: aa957cafbedeae1199dea6a597ba911d219650f283d164fb65797e90308ef47b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FC18E73D0A9B30A8735812D42581AFEE626FD578031EC3E28CE46F38ED26F5DA195D4
                                                                                                                                                                                                                        Function 00490D70 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 89f60ca6f4c2027b0bbf2fcf036b79f06bc2c031727fe39cd29ea58a2699f21d
                                                                                                                                                                                                                        • Instruction ID: 0680b41a0c351b236ac94a529e1071317fbb884cd6501f8b7c7cee94c9daebea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89f60ca6f4c2027b0bbf2fcf036b79f06bc2c031727fe39cd29ea58a2699f21d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D41556504E7D04FCB138BB888B9AA27FB0AE07214B5F44DBC4C5CF4B3D658994AC722
                                                                                                                                                                                                                        Function 04032770 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                                                                                                                                                        • Instruction ID: e653388aace9aa43e813b2a314afd2a3eafb9ead34b82f43c597600371b11e02
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A841B371D1051CEBCF48CFADC991AEEBBF2AF88201F648299D516AB345D730AB41DB50
                                                                                                                                                                                                                        Function 04032600 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                                                                                                                                        • Instruction ID: eb05ce769b2da7495bf14063b5b641d63659c46ace16f94cfc758eba5fdfaf82
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0018474A01109EFCB44DF98C5909ADFBF5FF48210F2085D9D819A7701E730AE41DB80
                                                                                                                                                                                                                        Function 04032660 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                                                                                                                                        • Instruction ID: 1c69a63d99e18f6694104338337f7eadba0ba013382b23c79145073818b958c5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28018078A01109EFCB44DFA9C5909AEFBF9FF88210B208599D809A7301E730AE41DB80
                                                                                                                                                                                                                        Function 00410D10 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
                                                                                                                                                                                                                        • Instruction ID: b8cfd58d412160527e66ace840abba843d94ac3f5b06779728c9fe736b8606cc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ECD012F621844146F33144D866C0BD100437344310FB58C276005CEBC1C0DDECD6C229
                                                                                                                                                                                                                        Function 04030FF0 Relevance: .0, Instructions: 6COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2131431278.000000000402F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0402F000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_402f000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                                                                                                                                        • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                                                                                                                                                                        Function 00459384 Relevance: 79.2, APIs: 41, Strings: 4, Instructions: 480filewindowcomCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004593D7
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004593F1
                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00459407
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0045942A
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00459431
                                                                                                                                                                                                                        • SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 004595C8
                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00459668
                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0045967F
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004596C0
                                                                                                                                                                                                                        • CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
                                                                                                                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 004597B7
                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004597BF
                                                                                                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 004597E1
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00459800
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 0045981F
                                                                                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
                                                                                                                                                                                                                        • GetDC.USER32(?), ref: 004598DE
                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 004598EE
                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00459919
                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00459925
                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                                                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                        • API String ID: 4040870279-2373415609
                                                                                                                                                                                                                        • Opcode ID: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                                                                                                                                                                                                                        • Instruction ID: fce7466cc8f2b4b34a2e278d60cb4f704f90ff1017bfb666dbfc83d8aba9d67a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F028C70204301EFD714DF64DE89F2BB7A8AB84705F104A2DFA45AB2D2D7B4E805CB69
                                                                                                                                                                                                                        Function 00441E05 Relevance: 49.8, APIs: 33, Instructions: 276COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00441E64
                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00441E6C
                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00441E83
                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00441E8F
                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00441EAA
                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00441EBA
                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00441EF0
                                                                                                                                                                                                                        • GetSysColor.USER32(00000010), ref: 00441EF8
                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00441EFF
                                                                                                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 00441F10
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00441F1B
                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00441F75
                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 00441FB6
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: GetSysColor.USER32(0000000E), ref: 00433D81
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: SetTextColor.GDI32(?,00000000), ref: 00433D89
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: GetSysColorBrush.USER32(0000000F), ref: 00433DBF
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: GetSysColor.USER32(0000000F), ref: 00433DCB
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: GetSysColor.USER32(00000011), ref: 00433DEB
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: SelectObject.GDI32(?,00000000), ref: 00433E0D
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: SetBkColor.GDI32(?,?), ref: 00433E19
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: SelectObject.GDI32(?,?), ref: 00433E29
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: GetWindowLongW.USER32 ref: 00433E8A
                                                                                                                                                                                                                          • Part of subcall function 00433D5C: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 69173610-0
                                                                                                                                                                                                                        • Opcode ID: 63a2be33accb074b4178bb2d7a96f271ea41f5903b36f57aa3a0bb7ff7b8698e
                                                                                                                                                                                                                        • Instruction ID: 0b0c06e318eae1aa70623bc76f746578ebcda4f465cb69034399d4c57c44293d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63a2be33accb074b4178bb2d7a96f271ea41f5903b36f57aa3a0bb7ff7b8698e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBB14D71508300AFD314DF64DD88A6FB7F8FB88720F504A2DF996922A0D774E845CB66
                                                                                                                                                                                                                        Function 00403E50 Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 236COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                                                                                                        • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                        • API String ID: 1038674560-3360698832
                                                                                                                                                                                                                        • Opcode ID: c74d0d52908dbbec4f5022c33a9c4844136c2b84c95de0bb8b15b994b6f8f789
                                                                                                                                                                                                                        • Instruction ID: b6083b7aed1673b33e689ff2aa7e8f17f47d7310e90ec65f4167159f85ee96f3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c74d0d52908dbbec4f5022c33a9c4844136c2b84c95de0bb8b15b994b6f8f789
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A611471B4071076EA306A229C46FAB735CDF14345F50052FFC01A628BE7ADDA4A86EE
                                                                                                                                                                                                                        Function 00433D5C Relevance: 42.2, APIs: 28, Instructions: 198windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetSysColor.USER32(0000000E), ref: 00433D81
                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00433D89
                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00433DA3
                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00433DAB
                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00433DBF
                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00433DCB
                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 00433DD4
                                                                                                                                                                                                                        • GetSysColor.USER32(00000011), ref: 00433DEB
                                                                                                                                                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00433E0D
                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00433E19
                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00433E29
                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
                                                                                                                                                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
                                                                                                                                                                                                                        • GetWindowLongW.USER32 ref: 00433E8A
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
                                                                                                                                                                                                                        • DrawFocusRect.USER32(?,?), ref: 00433F1F
                                                                                                                                                                                                                        • GetSysColor.USER32(00000011), ref: 00433F2E
                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00433F36
                                                                                                                                                                                                                        • DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00433F63
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00433F70
                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00433F78
                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00433F7B
                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00433F83
                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00433F8F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1582027408-0
                                                                                                                                                                                                                        • Opcode ID: e151e7129dedd9b649cf5279759d6c8ca4f2d2edd5ec07a1e2c3294b07796789
                                                                                                                                                                                                                        • Instruction ID: aa454ab644ffbff4d2185aee23397a25bdbdaef3ad5a75b83a3ebbbeed3afe32
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e151e7129dedd9b649cf5279759d6c8ca4f2d2edd5ec07a1e2c3294b07796789
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53710570508340AFD304DF68DD88A6FBBF9FF89711F104A2DFA5592290D7B4E9418B6A
                                                                                                                                                                                                                        Function 0046C604 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 216clipboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OpenClipboard.USER32(?), ref: 0046C635
                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0046C65D
                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0046C692
                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0046C866
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 589737431-2761332787
                                                                                                                                                                                                                        • Opcode ID: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                                                                                                                                                                                                                        • Instruction ID: ccec0c76267f611a980a6192e38ed766f4c6ddce8b7f15b38bc446a2cb1d96e7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D61E5722003019BD310EF65DD86B5E77A8EF54715F00483EFA41E72D1EBB5D9048BAA
                                                                                                                                                                                                                        Function 0045657D Relevance: 38.8, APIs: 19, Strings: 3, Instructions: 287windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00456692
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 004566AA
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 004566B1
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0045670D
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00456720
                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00456731
                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00456812
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0045685C
                                                                                                                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
                                                                                                                                                                                                                        • GetMonitorInfoW.USER32 ref: 00456894
                                                                                                                                                                                                                        • CopyRect.USER32(?,?), ref: 004568A8
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                                                                                                                        • String ID: ($,$tooltips_class32
                                                                                                                                                                                                                        • API String ID: 541082891-3320066284
                                                                                                                                                                                                                        • Opcode ID: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                                                                                                                                                                        • Instruction ID: 3987ef5f26dee50c6234681dd74380f3ee0746d74ffcadc96223edc745891050
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33B18EB0604341AFD714DF64C984B6BB7E5EF88704F408D2DF989A7292D778E848CB5A
                                                                                                                                                                                                                        Function 00454DAA Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 203windowlibraryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00454DCF
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00454DE2
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00454DEF
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00454E04
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00454E11
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00454E24
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00454E31
                                                                                                                                                                                                                          • Part of subcall function 004115D0: __wcsicmp_l.LIBCMT ref: 00411657
                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454E65
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,?,?,?,?,?,?,?,00000000), ref: 00454E79
                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454EB7
                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00454EFB
                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454F2C
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00454F37
                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00454F94
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 00454FA2
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00454FC0
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00454FCC
                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00454FF1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Load$Image_wcslen$__wcsicoll$IconLibraryMessageSend$DestroyExtractFreeMoveWindow__wcsicmp_l
                                                                                                                                                                                                                        • String ID: .dll$.exe$.icl$#v
                                                                                                                                                                                                                        • API String ID: 2511167534-1852478350
                                                                                                                                                                                                                        • Opcode ID: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                                                                                                                                                                                                                        • Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
                                                                                                                                                                                                                        Function 00436B3A Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 190COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
                                                                                                                                                                                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00436B79
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00436B9F
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00436BC0
                                                                                                                                                                                                                        • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00436C2A
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00436C31
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00436C4B
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00436C62
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                                                                                                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                        • API String ID: 1503153545-1459072770
                                                                                                                                                                                                                        • Opcode ID: 8f115a8dcca366765dccafad874a9911a33c709b0333e454bef2361e27f7839d
                                                                                                                                                                                                                        • Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f115a8dcca366765dccafad874a9911a33c709b0333e454bef2361e27f7839d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
                                                                                                                                                                                                                        Function 00452788 Relevance: 34.8, APIs: 23, Instructions: 344COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
                                                                                                                                                                                                                        • _fseek.LIBCMT ref: 004527FC
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 0045285C
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00452871
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00452886
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 004528B0
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 004528C8
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 004528DD
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452914
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452925
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452944
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452955
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452976
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452987
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452998
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 004529A9
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                                                                                                                                                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                                                                                                                                                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                                                                                                                                                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                                                                                                                                                                        • __fread_nolock.LIBCMT ref: 00452A39
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2054058615-0
                                                                                                                                                                                                                        • Opcode ID: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                                                                                                                                                                                                                        • Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6
                                                                                                                                                                                                                        Function 004559A8 Relevance: 33.7, APIs: 18, Strings: 1, Instructions: 401COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                        • Opcode ID: 3341d5ccd3f52121a0b9d5f5b9edb9a4c3413db68c9c5c7597b80800bbf161ae
                                                                                                                                                                                                                        • Instruction ID: a4e6889c8706d2a682ad3cc8acca51b009283e1ae9b51da70db0806919efebf9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3341d5ccd3f52121a0b9d5f5b9edb9a4c3413db68c9c5c7597b80800bbf161ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95C104723403416BF3209B64DC46FBBB794EB95321F04453FFA45D62C1EBBA9409876A
                                                                                                                                                                                                                        Function 00448759 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 311COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 2353593579-4108050209
                                                                                                                                                                                                                        • Opcode ID: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                                                                                                                        • Instruction ID: 13976ff69904029c6bcd7d6129a783336058688c161485e0dcc644b2654616cc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94B19DB02443419FF324CF14C889BABBBE4EB89744F14491EF991972D1DBB8E845CB5A
                                                                                                                                                                                                                        Function 0044A0EA Relevance: 31.7, APIs: 21, Instructions: 196windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetSysColor.USER32 ref: 0044A11D
                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0044A18D
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                                                                                                                                                                                                                        • GetWindowDC.USER32(?), ref: 0044A1B3
                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 0044A1D6
                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 0044A1EC
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0044A207
                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 0044A216
                                                                                                                                                                                                                        • GetSysColor.USER32(00000005), ref: 0044A21E
                                                                                                                                                                                                                        • GetWindowDC.USER32 ref: 0044A277
                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 0044A2D8
                                                                                                                                                                                                                        • SetTextColor.GDI32(00000000,?), ref: 0044A2F6
                                                                                                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
                                                                                                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 0044A312
                                                                                                                                                                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 0044A328
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1744303182-0
                                                                                                                                                                                                                        • Opcode ID: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                                                                                                                                                                                                                        • Instruction ID: f407f88e1fc9bdd08975b2e96734b256c85d8f08b0ead5e1f8dbf5832e348edb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD6148315442016BE3209B388C88BBFB7A4FB49324F54079EF9A8973D0D7B99C51D76A
                                                                                                                                                                                                                        Function 0046884B Relevance: 31.6, APIs: 6, Strings: 12, Instructions: 113COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicoll$__wcsnicmp
                                                                                                                                                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                                                                                        • API String ID: 790654849-1810252412
                                                                                                                                                                                                                        • Opcode ID: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                                                                                                                                                                                                                        • Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
                                                                                                                                                                                                                        Function 0046CAAA Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 229COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$\
                                                                                                                                                                                                                        • API String ID: 0-1896584978
                                                                                                                                                                                                                        • Opcode ID: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
                                                                                                                                                                                                                        • Instruction ID: e6fbcda15cb9520e0e34bfac0f9750edaedb1b44b840e2dcfb1a2c219c195b9a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 907186B2504300ABC720EB65C885FEBB3E8AF94714F148D1FF58997142E679E648C75A
                                                                                                                                                                                                                        Function 00476A8A Relevance: 27.3, APIs: 18, Instructions: 332COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitVariant
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1927566239-0
                                                                                                                                                                                                                        • Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                                                                                                                        • Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
                                                                                                                                                                                                                        Function 0046D6EB Relevance: 26.7, APIs: 6, Strings: 9, Instructions: 474COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • GetForegroundWindow.USER32(?,?), ref: 0046D7C1
                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 0046DBA4
                                                                                                                                                                                                                        • IsWindow.USER32(?), ref: 0046DBDE
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0046DCB5
                                                                                                                                                                                                                        • EnumChildWindows.USER32(00000000), ref: 0046DCBC
                                                                                                                                                                                                                        • EnumWindows.USER32(00460772,?), ref: 0046DCC4
                                                                                                                                                                                                                          • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop
                                                                                                                                                                                                                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                                                                        • API String ID: 1322021666-1919597938
                                                                                                                                                                                                                        • Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                                                                                                                        • Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
                                                                                                                                                                                                                        Function 0045DE12 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 190timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 0045DED4
                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 0045DEE4
                                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0045DEF0
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 0045DF0F
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 0045DF54
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0045DF6C
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0045DF7E
                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0045DF93
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFA7
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFE5
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFFB
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E00D
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 0045E019
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0045E05F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory$Time$File$Local_wcscat$System__wsplitpath_wcscpy_wcsncpy
                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                        • API String ID: 3201719729-438819550
                                                                                                                                                                                                                        • Opcode ID: 89541da3f554ebb8d42e95f45bc66f31ca584aff69b040987f949bd9346ecb30
                                                                                                                                                                                                                        • Instruction ID: 9ef8ac46b2ec3f8a2b66e183c5d6435db2730cdd54c1860218fefef83dfd89d7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89541da3f554ebb8d42e95f45bc66f31ca584aff69b040987f949bd9346ecb30
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D061A7B25043049BC724EF65C881E9FB3E8AF94704F048E1EF98987241DB79E949CB96
                                                                                                                                                                                                                        Function 0043737D Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 83windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicoll$IconLoad
                                                                                                                                                                                                                        • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                        • API String ID: 2485277191-404129466
                                                                                                                                                                                                                        • Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                                                                                                                                                                        • Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
                                                                                                                                                                                                                        Function 00428604 Relevance: 25.8, APIs: 17, Instructions: 306stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
                                                                                                                                                                                                                        • strncnt.LIBCMT ref: 00428646
                                                                                                                                                                                                                        • strncnt.LIBCMT ref: 0042865A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncnt$CompareErrorLastString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776594460-0
                                                                                                                                                                                                                        • Opcode ID: 409d39d31d49c90a4132468ed3074cd5345a98ee66abf4e21a74ff80ab18450e
                                                                                                                                                                                                                        • Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 409d39d31d49c90a4132468ed3074cd5345a98ee66abf4e21a74ff80ab18450e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
                                                                                                                                                                                                                        Function 004545C9 Relevance: 25.7, APIs: 17, Instructions: 198windowtimeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadIconW.USER32(?,00000063), ref: 004545DA
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00454606
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 0045461F
                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00454626
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00454637
                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0045463E
                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00454688
                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004546FD
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00454708
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 0045470F
                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0045476F
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
                                                                                                                                                                                                                        • SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3869813825-0
                                                                                                                                                                                                                        • Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                                                                                                                                                                                                                        • Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
                                                                                                                                                                                                                        Function 00458D1C Relevance: 25.6, APIs: 17, Instructions: 112COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
                                                                                                                                                                                                                        • GetCursorInfo.USER32 ref: 00458E03
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Cursor$Load$Info
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2577412497-0
                                                                                                                                                                                                                        • Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                                                                                                                                                                        • Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
                                                                                                                                                                                                                        Function 00469681 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 253windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
                                                                                                                                                                                                                        • GetFocus.USER32 ref: 004696E0
                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 004696EB
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessagePost$CtrlFocus
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 1534620443-4108050209
                                                                                                                                                                                                                        • Opcode ID: 833d13db40ec40dec0483232b6284f8533ca83f9805c84b893a2fb0fb577edd9
                                                                                                                                                                                                                        • Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 833d13db40ec40dec0483232b6284f8533ca83f9805c84b893a2fb0fb577edd9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
                                                                                                                                                                                                                        Function 004680EB Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 204windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00468107
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00468227
                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
                                                                                                                                                                                                                        • DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
                                                                                                                                                                                                                        • GetMenuItemCount.USER32 ref: 004682DC
                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32 ref: 00468317
                                                                                                                                                                                                                        • GetCursorPos.USER32(00000000), ref: 00468322
                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 0046832D
                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 3993528054-4108050209
                                                                                                                                                                                                                        • Opcode ID: 96134d5ccf85dd2c353584f61e992c1258bc53944db1005dc2f45aa542165571
                                                                                                                                                                                                                        • Instruction ID: a450cccb4b36e122d1eca3afa35c85d1e57e2007e4dd5bc50ce81cada7f4397f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96134d5ccf85dd2c353584f61e992c1258bc53944db1005dc2f45aa542165571
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C71C070648301ABE3309B14CC49F5BB7E8BF86724F244B0EF5A5563D1DBB9A8458B1B
                                                                                                                                                                                                                        Function 0046F2B0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185windowfileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
                                                                                                                                                                                                                          • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                                                                                                                                                                          • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                                                                                                                                                                          • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                                                                                                                                                                        • SendMessageW.USER32(?), ref: 0046F34C
                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0046F3BC
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
                                                                                                                                                                                                                        • DragFinish.SHELL32(?), ref: 0046F414
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
                                                                                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                        • API String ID: 4085615965-3440237614
                                                                                                                                                                                                                        • Opcode ID: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                                                                                                                                                                        • Instruction ID: d92027b63b9478c52a8b17f069484fb886a707b260a555cedefccfc898d4b85d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 596170716043009BD700EF54D885E5FB7A8FFC9714F104A2EF99097291D7B8A949CBAA
                                                                                                                                                                                                                        Function 0044B988 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 73COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicoll
                                                                                                                                                                                                                        • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                                                                                                                                                                        • API String ID: 3832890014-4202584635
                                                                                                                                                                                                                        • Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                                                                                                                                                                                                                        • Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
                                                                                                                                                                                                                        Function 00466999 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 312COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 004669C4
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00466A21
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00466A4D
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                        • _wcstok.LIBCMT ref: 00466A90
                                                                                                                                                                                                                          • Part of subcall function 004142A3: __getptd.LIBCMT ref: 004142A9
                                                                                                                                                                                                                        • _wcstok.LIBCMT ref: 00466B3F
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00466BC8
                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00466D1D
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00466BEE
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00466D4B
                                                                                                                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen$FileName_memset_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                                                                                                                                                                        • String ID: X$HH
                                                                                                                                                                                                                        • API String ID: 3021350936-1944015008
                                                                                                                                                                                                                        • Opcode ID: 148ffd08a53066c169799d7010fd2328abbb1436974d200da898f01e024381e3
                                                                                                                                                                                                                        • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 148ffd08a53066c169799d7010fd2328abbb1436974d200da898f01e024381e3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
                                                                                                                                                                                                                        Function 0045F48E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 226windowsleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0045F4AE
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
                                                                                                                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoItemMenu$Sleep_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 1504565804-4108050209
                                                                                                                                                                                                                        • Opcode ID: d1fae1760d081b6b8cddc0049297ea6fd0734e9abca2e90a1ac85592b3d85e38
                                                                                                                                                                                                                        • Instruction ID: 9e8996cb251b45e9fd8013479734a73363ce4640cf951279a7d2fdadd0934edb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1fae1760d081b6b8cddc0049297ea6fd0734e9abca2e90a1ac85592b3d85e38
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E171E3711043406BD3109F54DD48FABBBE8EBD5306F04086FFD8587252D6B9A94EC76A
                                                                                                                                                                                                                        Function 004556F8 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 216COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$CreateDestroy
                                                                                                                                                                                                                        • String ID: ,$tooltips_class32
                                                                                                                                                                                                                        • API String ID: 1109047481-3856767331
                                                                                                                                                                                                                        • Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                                                                                                                                                                        • Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
                                                                                                                                                                                                                        Function 0045CBCC Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 202COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _wcsncpy.LIBCMT ref: 0045CCFA
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 0045CD3C
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0045CD51
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0045CD63
                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000104,?), ref: 0045CD78
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,00000104,?), ref: 0045CD8C
                                                                                                                                                                                                                          • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDD0
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDE6
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDF8
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 0045CE14
                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CE5A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                        • API String ID: 1153243558-438819550
                                                                                                                                                                                                                        • Opcode ID: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
                                                                                                                                                                                                                        • Instruction ID: 4b7f18f3392d5c51d0b0bcfc25b88d1348604f1c1aa494fd035d881d108a9fe9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0561E5B61043419FD731EF54C885AEBB7E4EB84305F44882FED8983242D67D998E879E
                                                                                                                                                                                                                        Function 0045510D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 115windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00455127
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32 ref: 00455146
                                                                                                                                                                                                                        • DeleteMenu.USER32(?,?,00000000), ref: 004551B2
                                                                                                                                                                                                                        • DeleteMenu.USER32(?,?,00000000), ref: 004551C8
                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 004551D9
                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 004551E7
                                                                                                                                                                                                                        • DestroyMenu.USER32(?,?,00000000), ref: 004551F4
                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 00455207
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 1663942905-4108050209
                                                                                                                                                                                                                        • Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                                                                                                                                                                                                                        • Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
                                                                                                                                                                                                                        Function 00415C25 Relevance: 22.7, APIs: 15, Instructions: 236COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __get_daylight__invoke_watson$__gmtime64_s$__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1481289235-0
                                                                                                                                                                                                                        • Opcode ID: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                                                                                                                                                                                                                        • Instruction ID: 11750150b5911b8a2d77b888e51b7102539fbc40f42687a9f62e69b5342e6946
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8461B372B00B15DBD724AB69DC81AEB73E99F84324F14452FF011D7682EB78DA808B58
                                                                                                                                                                                                                        Function 0046FB53 Relevance: 22.7, APIs: 15, Instructions: 176windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 0046FBAF
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 0046FBE2
                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 0046FD00
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$IconImageList_$CreateExtractReplace
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2632138820-0
                                                                                                                                                                                                                        • Opcode ID: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                                                                                                                                                                        • Instruction ID: f8b2170a3f6480226351c2682443129a31dd3945ebd2779c8b18a40e734619f9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A461BF70208305AFD320DF14DC85F5BB7E4FB89B14F10492EFA85972D1E7B4A8498B66
                                                                                                                                                                                                                        Function 00433BAC Relevance: 22.6, APIs: 15, Instructions: 79COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CursorLoad
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3238433803-0
                                                                                                                                                                                                                        • Opcode ID: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                                                                                                                                                                                                                        • Instruction ID: acd63d7325575073817552101614e6badc0a76bef24473f745c9da0ba21645f6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D310E3058C302FFE7504F50EE0AB1C36A0BB48B47F008C7DF64AA62E0E6F055009B9A
                                                                                                                                                                                                                        Function 00460ABB Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 294windowtimeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00460B00
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 00460B9E
                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00460CE6
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00460D21
                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00460D40
                                                                                                                                                                                                                        • ScreenToClient.USER32(00000000), ref: 00460D47
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
                                                                                                                                                                                                                        • String ID: %s%u
                                                                                                                                                                                                                        • API String ID: 1899580136-679674701
                                                                                                                                                                                                                        • Opcode ID: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
                                                                                                                                                                                                                        • Instruction ID: ed0b46c26cbb3f928a943cd91895a09858176ee0e89b0f6962e21683ef9d2041
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AA1CD722043019BDB14DF54C884BEB73A8FF84714F04892EFD889B245E778E946CBA6
                                                                                                                                                                                                                        Function 0047D5F6 Relevance: 21.2, APIs: 4, Strings: 8, Instructions: 210COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 0047D6D3
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • StringFromCLSID.OLE32(?,?), ref: 0047D6B5
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                        • StringFromIID.OLE32(?,?), ref: 0047D7F0
                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 0047D80A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeFromStringTask_wcslen$_wcscpy
                                                                                                                                                                                                                        • String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
                                                                                                                                                                                                                        • API String ID: 2485709727-934586222
                                                                                                                                                                                                                        • Opcode ID: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
                                                                                                                                                                                                                        • Instruction ID: 9b1d76abf7044590dd80f2c514dab21f357569e7696d0ed80310904c07b122bf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63714BB5614201AFC304EF25C981D5BB3F8BF88704F108A2EF5599B351DB78E905CB6A
                                                                                                                                                                                                                        Function 0045DB3E Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 181COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscpy$Folder_memset$BrowseDesktopFromInitializeListMallocPathUninitialize
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 3381189665-2761332787
                                                                                                                                                                                                                        • Opcode ID: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
                                                                                                                                                                                                                        • Instruction ID: 9856a5a3be2a6f4b6f15ab218c20ab076772672eb14c4daba281b2e598c2a196
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1619AB59043009FC320EF65C88499BB7E9BFC8704F048E1EF98987252D775E849CB6A
                                                                                                                                                                                                                        Function 00434506 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00434585
                                                                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0043459B
                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 004345A9
                                                                                                                                                                                                                        • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
                                                                                                                                                                                                                        • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                        • API String ID: 3300687185-3887548279
                                                                                                                                                                                                                        • Opcode ID: 850e4e4f4a3144c0c65e94ebd0f1e451ef245c66964f5ba666016bedf541cb72
                                                                                                                                                                                                                        • Instruction ID: a007e7ec8c3f390601fcb6226b5fc218b62818acb39bbc9fe8cd9ddeb27b86ed
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 850e4e4f4a3144c0c65e94ebd0f1e451ef245c66964f5ba666016bedf541cb72
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4514871508345AFD310CF69C884B6BBBE9EF8A310F14881DFA9687390D7B5E844CB66
                                                                                                                                                                                                                        Function 0045E41B Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 150COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 0045E4D9
                                                                                                                                                                                                                        • _printf.LIBCMT ref: 0045E595
                                                                                                                                                                                                                        • _printf.LIBCMT ref: 0045E5B7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LoadString_printf$__swprintf_wcslen
                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
                                                                                                                                                                                                                        • API String ID: 3590180749-2894483878
                                                                                                                                                                                                                        • Opcode ID: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                                                                                                                                                                                                                        • Instruction ID: 42a5c2f6345f2e10047da6565a111f96cfad8617a22bea28fc44504b1d19b7ce
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F51A171518345ABD324EF91CC41DAF77A8AF84754F04093FF94463292EB78EE488B6A
                                                                                                                                                                                                                        Function 0046F90E Relevance: 21.1, APIs: 14, Instructions: 147windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0046F911
                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0046F950
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0046F9CF
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0046FA4F
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0046FA68
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3412594756-0
                                                                                                                                                                                                                        • Opcode ID: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                                                                                                                                                                                                                        • Instruction ID: 2b127e2e725f503062080ad48664a75956f0b49bd2ac624c91da1236fc619d99
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD41B575344301ABE7209B65ED45B6B7398EB44711F00083EFA85A7381DBB9E809C76A
                                                                                                                                                                                                                        Function 0045D971 Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 140COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                                                                                                                          • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32 ref: 0045DA30
                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: SendString$_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                        • API String ID: 4013263488-4113822522
                                                                                                                                                                                                                        • Opcode ID: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                                                                                                                        • Instruction ID: 78e8968fe3d68f28a61334a0544e46eb3ade7c09d07056eb4a028b8014bab4f9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86516E71604300ABD710EF55CC85F5EB3E4AF88714F14496EF985AB2D2D7B8E908CB5A
                                                                                                                                                                                                                        Function 00435A35 Relevance: 21.1, APIs: 14, Instructions: 136timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen$_wcsncpy$LocalTime__wcstoi64
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 228034949-0
                                                                                                                                                                                                                        • Opcode ID: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
                                                                                                                                                                                                                        • Instruction ID: c9113392db11e6d0b84b7dcaf0f9983ae7bcdcfbf3325debe08446cd55f13bc3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 874194B181435066DA10FF6AC8479DFB3A8EF89314F84495FF945D3162E378E64883AA
                                                                                                                                                                                                                        Function 004334CA Relevance: 21.1, APIs: 14, Instructions: 132filecommemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00433523
                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0043353A
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 0043357B
                                                                                                                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 004335A6
                                                                                                                                                                                                                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00433603
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3969911579-0
                                                                                                                                                                                                                        • Opcode ID: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                                                                                                                                                                                                                        • Instruction ID: 5aed18668fdc988692497ed4484016cc97142e8c7c748bcd34b77a3330007e11
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70410471204210AFD710DF64DC88F6BBBE8FB89711F10492DFA45972A0D7B5A941CBAA
                                                                                                                                                                                                                        Function 00445A77 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 73windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetParent.USER32 ref: 00445A8D
                                                                                                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00445AC4
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00445AE0
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicoll$ClassMessageNameParentSend
                                                                                                                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                        • API String ID: 3125838495-3381328864
                                                                                                                                                                                                                        • Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                                                                                                                                                                        • Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
                                                                                                                                                                                                                        Function 00479921 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 314COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CopyVariant$ErrorLast
                                                                                                                                                                                                                        • String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                        • API String ID: 2286883814-4206948668
                                                                                                                                                                                                                        • Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                                                                                                                        • Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
                                                                                                                                                                                                                        Function 00475D8B Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 194COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                                                                                                                          • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00475F18
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                                                                                                                                                                                        • String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
                                                                                                                                                                                                                        • API String ID: 3052893215-4176887700
                                                                                                                                                                                                                        • Opcode ID: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                                                                                                                                                                                                                        • Instruction ID: 30c0e749cffa51fc832ec364bb88d57898ea161693411a08ebb212f54f1b1ce2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E951E5716047009BC710EF51D981B9BB3D4AB85705F108C2FF948AB382D7B9DE09879B
                                                                                                                                                                                                                        Function 004582BF Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 165registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?,00000000), ref: 00458335
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32 ref: 00458381
                                                                                                                                                                                                                        • CLSIDFromString.OLE32(00000000,?), ref: 004583AF
                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32 ref: 004583E8
                                                                                                                                                                                                                        • LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
                                                                                                                                                                                                                          • Part of subcall function 00413F97: __wtof_l.LIBCMT ref: 00413FA1
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004584BA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FromQueryStringValue_wcslen$CloseFreeLoadOpenTaskType__wtof_l_wcscpy
                                                                                                                                                                                                                        • String ID: Version$\TypeLib$interface\
                                                                                                                                                                                                                        • API String ID: 656856066-939221531
                                                                                                                                                                                                                        • Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                                                                                                                        • Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
                                                                                                                                                                                                                        Function 0045E62E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 155COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 0045E6EE
                                                                                                                                                                                                                        • _printf.LIBCMT ref: 0045E7A9
                                                                                                                                                                                                                        • _printf.LIBCMT ref: 0045E7D2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LoadString_printf$__swprintf_wcslen
                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                        • API String ID: 3590180749-2354261254
                                                                                                                                                                                                                        • Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                                                                                                                        • Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
                                                                                                                                                                                                                        Function 004580E1 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 136registryshareCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00458194
                                                                                                                                                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                                                                                                                                                                                                                        • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset_wcslen
                                                                                                                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                        • API String ID: 2255324689-22481851
                                                                                                                                                                                                                        • Opcode ID: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                                                                                                                        • Instruction ID: 0916ae95de1959dc40878de41837780f7e862baf069d4d5c3429810960799c2e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A4190725083019BD320EF54C845B5FB7E8AF84714F044D2EFA8577291DBB8E949CB9A
                                                                                                                                                                                                                        Function 004584D6 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 105registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00458615
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 004585D6
                                                                                                                                                                                                                        • IIDFromString.OLE32(?,?,?,?), ref: 004585EB
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004585F8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpen$EnumFromQueryStringValue__wcsicoll_wcslen
                                                                                                                                                                                                                        • String ID: ($interface$interface\
                                                                                                                                                                                                                        • API String ID: 2231185022-3327702407
                                                                                                                                                                                                                        • Opcode ID: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                                                                                                                                                                        • Instruction ID: 2ed788c9a442d2de66cb2a0eaf665167c450c6ff9570aaff4df7cfaf3afbbce1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE317271204305ABE710DF54DD85F6BB3E8FB84744F10492DF685A6191EAB8E908C76A
                                                                                                                                                                                                                        Function 00436582 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 79networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 004365A5
                                                                                                                                                                                                                        • gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
                                                                                                                                                                                                                        • gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 004365F5
                                                                                                                                                                                                                        • WSACleanup.WSOCK32 ref: 004365FD
                                                                                                                                                                                                                        • inet_ntoa.WSOCK32(00000100,?), ref: 00436624
                                                                                                                                                                                                                        • _strcat.LIBCMT ref: 0043662F
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00436644
                                                                                                                                                                                                                        • WSACleanup.WSOCK32(?,?,?,?,?,?,00000100,?), ref: 00436652
                                                                                                                                                                                                                        • _wcscpy.LIBCMT ref: 00436666
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscpy$Cleanup$Startup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                                                                                                        • API String ID: 2691793716-3771769585
                                                                                                                                                                                                                        • Opcode ID: 65646d0c3f70c30576c3209c49215e1e6413ca059fa52035c9da78ad10046a0d
                                                                                                                                                                                                                        • Instruction ID: 29d249c793a1599df1911ffab6ed89036a29d54f41df1114d8fa63e2d2305339
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65646d0c3f70c30576c3209c49215e1e6413ca059fa52035c9da78ad10046a0d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C21D4726003016BD620FB269C42FFF33A89FD4318F54492FF64456242EABDD58983AB
                                                                                                                                                                                                                        Function 00416B12 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
                                                                                                                                                                                                                        • __crt_waiting_on_module_handle.LIBCMT ref: 00416B2F
                                                                                                                                                                                                                          • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
                                                                                                                                                                                                                          • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
                                                                                                                                                                                                                        • __lock.LIBCMT ref: 00416B8A
                                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
                                                                                                                                                                                                                        • __lock.LIBCMT ref: 00416BAB
                                                                                                                                                                                                                        • ___addlocaleref.LIBCMT ref: 00416BC9
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                                                                                        • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                                                                                                        • API String ID: 1028249917-2843748187
                                                                                                                                                                                                                        • Opcode ID: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
                                                                                                                                                                                                                        • Instruction ID: dfb830706c011728ae11a8c0f52cb2fa371409e71f4acd403326aacb15a29bdd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E119671944701AFD720EF76C905B9EBBE0AF00714F10495FE469A6391DB78A580CB1D
                                                                                                                                                                                                                        Function 0044920C Relevance: 18.2, APIs: 12, Instructions: 243windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
                                                                                                                                                                                                                        • CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
                                                                                                                                                                                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000402,?), ref: 0044941C
                                                                                                                                                                                                                        • SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$CharNext
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1350042424-0
                                                                                                                                                                                                                        • Opcode ID: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                                                                                                                                                                                                                        • Instruction ID: cf19a455924c4199ae2d31ef2e344bdd2865620a2145bd440d1f5c61272ee54d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D81B5312083019BE720DF15DC85FBBB7E4EBD9B20F00492EFA54962C0D7B99946D766
                                                                                                                                                                                                                        Function 00453B94 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00453C5A
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00453C99
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00453CDA
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00453D07
                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00453D15
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00453D3F
                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00453D4D
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00453D77
                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00453D85
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                        • Opcode ID: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                                                                                                                                                                                                                        • Instruction ID: 09d2c23b2f41f951af40c960ff4fa7a39ed3d74d48f5bb091813d5d41b5bf946
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD5108311497C42AF731EF6048217A7BBE45F52782F488D5EE9C107283E619AB0C976B
                                                                                                                                                                                                                        Function 00437DB1 Relevance: 18.2, APIs: 12, Instructions: 180COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00437DD7
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00437DE9
                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,?,?,?,00000000), ref: 00437E5C
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00437E70
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00437E82
                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,?,00000000,?,?,00000000), ref: 00437EDB
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00437EEA
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00437EFC
                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00437F46
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00437F55
                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 00437F6E
                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00437F78
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3096461208-0
                                                                                                                                                                                                                        • Opcode ID: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
                                                                                                                                                                                                                        • Instruction ID: 6334a21bf5495bf578199e0a0c43900503e40640961724061e29feeedb49a886
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46511CB16083069FC318DF68DD85A2BB7E9ABC8300F144A2DF985D3391E6B4ED058B95
                                                                                                                                                                                                                        Function 00436879 Relevance: 18.1, APIs: 12, Instructions: 115COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 136442275-0
                                                                                                                                                                                                                        • Opcode ID: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
                                                                                                                                                                                                                        • Instruction ID: e47e2093bf76b35e8f1fec89578fc46911e8a4506192668d3a16ce6d5165f020
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 744124B2408345ABC235E754C885EEF73ECABD8314F44891EB68D42141EB796688C7A7
                                                                                                                                                                                                                        Function 0046B39A Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 401registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConnectRegistry_wcslen
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 535477410-2761332787
                                                                                                                                                                                                                        • Opcode ID: dd977f09bea9308b610c7238e96fb584538275b520f46e9374bb1ad9d3878166
                                                                                                                                                                                                                        • Instruction ID: 7a368be733395892e28f24b11b3b05e85d853a2cd395d98498a1c99032eed9d9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd977f09bea9308b610c7238e96fb584538275b520f46e9374bb1ad9d3878166
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63E171B1604200ABC714EF28C981F1BB7E4EF88704F148A1EF685DB381D779E945CB9A
                                                                                                                                                                                                                        Function 00460473 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 255COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 004604B5
                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00460502
                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00460510
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00460589
                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00460606
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 0046063E
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004606AD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen
                                                                                                                                                                                                                        • String ID: ThumbnailClass
                                                                                                                                                                                                                        • API String ID: 4123061591-1241985126
                                                                                                                                                                                                                        • Opcode ID: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                                                                                                                                                                                                                        • Instruction ID: b645ef8d54a60b7d8a856e9fdf4d8999e4c56e3b903fe9b51be5921097eabf2a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F91B0715043019FDB14DF24C884BAB77A8EF84715F04896FFD85AA281E778E905CBAB
                                                                                                                                                                                                                        Function 0046F50B Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 157windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                                                                                                                                                                          • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                                                                                                                                                                          • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                                                                                                                                                                          • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
                                                                                                                                                                                                                        • ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
                                                                                                                                                                                                                        • ImageList_EndDrag.COMCTL32 ref: 0046F583
                                                                                                                                                                                                                        • ReleaseCapture.USER32 ref: 0046F589
                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 0046F620
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
                                                                                                                                                                                                                        • API String ID: 2483343779-2060113733
                                                                                                                                                                                                                        • Opcode ID: 5127d0ffcd17cb1bef4f2f1971358f36b919fc832d8745dd5c7fc1032c5585dd
                                                                                                                                                                                                                        • Instruction ID: 4b94e37398fb4c0e8bf176de98e3888209b69965db7f8e5b86c8cb252d1f017b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5127d0ffcd17cb1bef4f2f1971358f36b919fc832d8745dd5c7fc1032c5585dd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB5106716043119BD700DF18DC85FAF77A5EB89310F04492EF941973A2DB789D49CBAA
                                                                                                                                                                                                                        Function 0046FD7F Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 143windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0046FEF2
                                                                                                                                                                                                                        • RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0046FFCC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                                                                                                                                                                        • String ID: 2
                                                                                                                                                                                                                        • API String ID: 1331449709-450215437
                                                                                                                                                                                                                        • Opcode ID: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                                                                                                                                                                                                                        • Instruction ID: e79942d1a0196d9b5e30c5c178d8ccafd59c9ae1e7fac48b8759c586c5a3b44e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB51AC702043019FD320CF44D885BAABBE5FB88700F04487EE684872A2D7B5A849CB5A
                                                                                                                                                                                                                        Function 00450E7D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,00000000,static,00000000,00000000,?,?,00000000,00000000,?,00000000), ref: 00450EE1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                        • API String ID: 3375834691-2160076837
                                                                                                                                                                                                                        • Opcode ID: 88f11647011456fbb04f7235260bd1d02a964e72c1c4e3b3fb6640230c73d37f
                                                                                                                                                                                                                        • Instruction ID: 4605c95b1b006c90d65e271c0fdf07f62d21d56273c2870bf7f2e3decf5281c5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88f11647011456fbb04f7235260bd1d02a964e72c1c4e3b3fb6640230c73d37f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4531B572200300BBD7109B64DC45F6BB3A8EBC9711F204A2EFA50D72C0D7B4E8048B69
                                                                                                                                                                                                                        Function 004393E2 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 109threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
                                                                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
                                                                                                                                                                                                                        • _memcmp.LIBCMT ref: 004394A9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • SeIncreaseQuotaPrivilege, xrefs: 0043946A
                                                                                                                                                                                                                        • SeAssignPrimaryTokenPrivilege, xrefs: 00439455
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                                                                                                                                                                                                                        • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                                                                                                                                                                                                        • API String ID: 1446985595-805462909
                                                                                                                                                                                                                        • Opcode ID: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                                                                                                                        • Instruction ID: 628aaead06b6f58e004e5b45c2ed9710a22b4d2b921ab75b424857e8fd72c9d6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB31A371508312ABC710DF21CD41AAFB7E8FB99704F04591EF98193240E7B8DD4ACBAA
                                                                                                                                                                                                                        Function 0045D83D Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 86COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D848
                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                        • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
                                                                                                                                                                                                                        • API String ID: 2907320926-41864084
                                                                                                                                                                                                                        • Opcode ID: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                                                                                                                                                                                                                        • Instruction ID: d4cab332979e247f8c2da9788294718902473fa09eb5ff996f03d25688ce9cbb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7318B75A083008FC310EF65E48481EB7A1AFC8315F648D2FF945A7362C779D9068BAB
                                                                                                                                                                                                                        Function 00467214 Relevance: 16.8, APIs: 11, Instructions: 313COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
                                                                                                                                                                                                                        • SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1932665248-0
                                                                                                                                                                                                                        • Opcode ID: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
                                                                                                                                                                                                                        • Instruction ID: 42a0e90c8bf2b482c85e144861ec280134e9fb1dbd9e00a0d693b148f8e5f150
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8B1BF752082009FD304DF29C884B6B77E5FF98318F14496EE98587362E779E885CB6B
                                                                                                                                                                                                                        Function 004480F2 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 004481A7
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 004481BA
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 830647256-0
                                                                                                                                                                                                                        • Opcode ID: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                                                                                                                                                                                                                        • Instruction ID: 69fd08a602074ed3d664547bad3ac5a94a9e6c02d61aa1d07dc3907ec7ad0976
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41616F70208341AFE310DF54C881FABB7A4FF89704F14465EFA909B2D1DBB5A945CB56
                                                                                                                                                                                                                        Function 0046EA7F Relevance: 16.7, APIs: 11, Instructions: 167windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                                                                                                                        • DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0046EB04
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0046EB18
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0046EB24
                                                                                                                                                                                                                        • DeleteObject.GDI32(005C0000), ref: 0046EB4F
                                                                                                                                                                                                                        • DestroyIcon.USER32(00690057), ref: 0046EB67
                                                                                                                                                                                                                        • DeleteObject.GDI32(00670000), ref: 0046EB7F
                                                                                                                                                                                                                        • DestroyWindow.USER32(00000072), ref: 0046EB97
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0046EBBF
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0046EBCD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 802431696-0
                                                                                                                                                                                                                        • Opcode ID: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                                                                                                                                                                                                                        • Instruction ID: 42d633cefbe7d7192e7a113645d0a532909e6831d49db23f2259be933aabe8c6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17513178600202DFDB14DF26D894E2A77E9FB4AB14B54446EE502CB361EB38EC41CB5E
                                                                                                                                                                                                                        Function 00444D52 Relevance: 16.6, APIs: 11, Instructions: 132keyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,?,?), ref: 00444D8A
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00444E26
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00444E40
                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00444E51
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00444E69
                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00444E77
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00444E8F
                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00444E9D
                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00444EC3
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                        • Opcode ID: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
                                                                                                                                                                                                                        • Instruction ID: c605e69a62dfc64c618b97cb3a1930d242a0674024be490a091b983f03ece729
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A41C3646087C52DFB31966484017E7FFD16FA2708F58844FD1C5067C2DBAEA9C8C7AA
                                                                                                                                                                                                                        Function 00474335 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 308COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 0-2761332787
                                                                                                                                                                                                                        • Opcode ID: a328fc3f0c2738e7ee23a6f39de9db46e7d7486e18f94bdfd929d974c39bc96d
                                                                                                                                                                                                                        • Instruction ID: 1932890218e454eaab518c2d08cf67ea4bcb6b95680f1d85a47b5a5cee1eebd3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a328fc3f0c2738e7ee23a6f39de9db46e7d7486e18f94bdfd929d974c39bc96d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99A1A1726043009BD710EF65DC82B6BB3E9ABD4718F008E2EF558E7281D779E9448B5A
                                                                                                                                                                                                                        Function 004507E7 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 146windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00450944
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 00450955
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$Window_wcscat_wcslen
                                                                                                                                                                                                                        • String ID: -----$SysListView32
                                                                                                                                                                                                                        • API String ID: 4008455318-3975388722
                                                                                                                                                                                                                        • Opcode ID: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
                                                                                                                                                                                                                        • Instruction ID: 786a3889ee88f98d9b0e9b4b0e1dacf7018a6923f31dd28eeaa3c07ad082d1a6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17519470504340ABE330DB65C885FABB3E4AF84714F104E1EFA94972D3D6B99989CB65
                                                                                                                                                                                                                        Function 00448602 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00448625
                                                                                                                                                                                                                        • CreateMenu.USER32 ref: 0044863C
                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 0044864C
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 004486EB
                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 004486F5
                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 00448742
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 176399719-4108050209
                                                                                                                                                                                                                        • Opcode ID: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                                                                                                                        • Instruction ID: 98f94d81d6847d6484dd50bbdc77a0bd9f9f2d632c710d3394220f00cc789bef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86417675604201AFD700CF68D894A9BBBE4FF89314F14891EFA488B350DBB5A845CFA6
                                                                                                                                                                                                                        Function 004691F4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00469289
                                                                                                                                                                                                                        • GetParent.USER32 ref: 004692A4
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 004692AE
                                                                                                                                                                                                                        • GetParent.USER32 ref: 004692C7
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$CtrlParent$_wcslen
                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                        • API String ID: 2040099840-1403004172
                                                                                                                                                                                                                        • Opcode ID: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                                                                                                                        • Instruction ID: ef07326ddff4210f4741e87947fad3c2ec39ee11b6619cfdf8cc81125e1c6f8c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC21D6716002147BD600AB65CC45DBFB39CEB85324F044A1FF954A73D1DAB8EC0947B9
                                                                                                                                                                                                                        Function 004693F0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 87windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00469483
                                                                                                                                                                                                                        • GetParent.USER32 ref: 0046949E
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 004694A8
                                                                                                                                                                                                                        • GetParent.USER32 ref: 004694C1
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$CtrlParent$_wcslen
                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                        • API String ID: 2040099840-1403004172
                                                                                                                                                                                                                        • Opcode ID: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
                                                                                                                                                                                                                        • Instruction ID: 434b10a17d45167e777e8ea6e726dd6ee4e01267e4a119798c8aa60e835c5cdc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA21D7756002147BD600BB29CC45EBFB39CEB85314F04492FF984A7291EABCEC0A4779
                                                                                                                                                                                                                        Function 00448DAF Relevance: 15.2, APIs: 10, Instructions: 173windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
                                                                                                                                                                                                                        • SendMessageW.USER32(769523D0,00001001,00000000,00000000), ref: 00448E73
                                                                                                                                                                                                                        • SendMessageW.USER32(769523D0,00001026,00000000,00000000), ref: 00448E7E
                                                                                                                                                                                                                          • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3771399671-0
                                                                                                                                                                                                                        • Opcode ID: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
                                                                                                                                                                                                                        • Instruction ID: ebbecaf0548398ae771b9aa28ebf0b72f134f9ffbbfb28b2279bd799396bd9e3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4510930208300AFE2209F25DD85F6F77EAEB85B14F14091EF994E72D0CBB9E9458769
                                                                                                                                                                                                                        Function 0046ECBF Relevance: 15.1, APIs: 10, Instructions: 101COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3413494760-0
                                                                                                                                                                                                                        • Opcode ID: afb533e23b19910be0c027df8fa87fd227b592e7e5a0e6e969ae1a59b8da4157
                                                                                                                                                                                                                        • Instruction ID: 77b59fa0745152fd1b6386ccdd9ca850b9b7f4abb66e551d88b584249de3d357
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: afb533e23b19910be0c027df8fa87fd227b592e7e5a0e6e969ae1a59b8da4157
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F83150B2600746AFC714DF7AC880996FBA8FF88310B44892EE64983641D735F554CBA5
                                                                                                                                                                                                                        Function 004377B4 Relevance: 15.1, APIs: 10, Instructions: 97threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004377D7
                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                                                                                                        • Opcode ID: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
                                                                                                                                                                                                                        • Instruction ID: cf5237ead9178137421241ba4763476990ac919c12b5de4495d1c20f4e3090f4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0316FB1504341AFD768EF28DC88A7BB7A9EF9D310F14182EF44197250D7B89C44CB69
                                                                                                                                                                                                                        Function 0045F776 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 446COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicoll
                                                                                                                                                                                                                        • String ID: 0%d$DOWN$OFF
                                                                                                                                                                                                                        • API String ID: 3832890014-468733193
                                                                                                                                                                                                                        • Opcode ID: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
                                                                                                                                                                                                                        • Instruction ID: 3901981f80fa7430cd77b89167089bc3925961a07aad88d0cc2f25a35af8916b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7F1D8614083856DEB21EB21C845BAF7BE85F95309F08092FF98212193D7BCD68DC76B
                                                                                                                                                                                                                        Function 0045E912 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 353timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 0045E959
                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(00000000), ref: 0045E963
                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 0045E970
                                                                                                                                                                                                                        • VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 0045EB1F
                                                                                                                                                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 0045EBE7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
                                                                                                                                                                                                                        • String ID: %4d%02d%02d%02d%02d%02d
                                                                                                                                                                                                                        • API String ID: 43541914-1568723262
                                                                                                                                                                                                                        • Opcode ID: 37b26c3e130c1a31af09048bf95897f87bf3bde4777f47a21ee6b10bd43e23e8
                                                                                                                                                                                                                        • Instruction ID: db8708ae94f177a13b26e6bf0e0b18ed2eb17208bc27bd00c320e315e6f9d40a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37b26c3e130c1a31af09048bf95897f87bf3bde4777f47a21ee6b10bd43e23e8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
                                                                                                                                                                                                                        Function 0042FE54 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 298sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FE66
                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 0042FE6E
                                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FF5D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DecrementInterlocked$Sleep
                                                                                                                                                                                                                        • String ID: 0vH$0vH$4RH0vH$@COM_EVENTOBJ
                                                                                                                                                                                                                        • API String ID: 2250217261-3412429629
                                                                                                                                                                                                                        • Opcode ID: 8ee3dc3b90658de1bdba7935e7c509bae4c97cbbd898303c1487c3161a53cb39
                                                                                                                                                                                                                        • Instruction ID: 990b5f35a06538e4ae7b6c94f393f4a5fafaaf51bfa382c75dcb300f2d234fa3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ee3dc3b90658de1bdba7935e7c509bae4c97cbbd898303c1487c3161a53cb39
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0B1C0715083009FC714EF54C990A5FB3E4AF98304F508A2FF495972A2DB78ED4ACB9A
                                                                                                                                                                                                                        Function 004689FF Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 288COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                        • API String ID: 0-1603158881
                                                                                                                                                                                                                        • Opcode ID: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                                                                                                                                                                        • Instruction ID: 1d39c91c6ba170ccd8bd44326015c92659356e06a413e753493f98454e3169a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
                                                                                                                                                                                                                        Function 00479C97 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 274COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00479D1F
                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00479F06
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00479F11
                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00479DF7
                                                                                                                                                                                                                          • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
                                                                                                                                                                                                                          • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
                                                                                                                                                                                                                          • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00479F9C
                                                                                                                                                                                                                          • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Variant$Copy$ClearInit$ErrorLast_memset
                                                                                                                                                                                                                        • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                        • API String ID: 665237470-60002521
                                                                                                                                                                                                                        • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                                                                                                                        • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
                                                                                                                                                                                                                        Function 00401D10 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 235COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 0042A751
                                                                                                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 0042A778
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0042A822
                                                                                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                                                                                                                                                                        • String ID: close all$#v
                                                                                                                                                                                                                        • API String ID: 4174999648-3101823635
                                                                                                                                                                                                                        • Opcode ID: ddf39f1eda455a1c63d5a7d3271f56cd3ed42d138f3b783cbb3ca1597947a384
                                                                                                                                                                                                                        • Instruction ID: e23b5dd52123a376b0379481fe8be5d2f02d07e70979f80a1c72d587d5a24a2c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddf39f1eda455a1c63d5a7d3271f56cd3ed42d138f3b783cbb3ca1597947a384
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFA17075A102248FCB20EF55CC85B9AB3B8BF44304F5044EEE90967291D779AE85CF9D
                                                                                                                                                                                                                        Function 0046A75F Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 179registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConnectRegistry_wcslen
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 535477410-2761332787
                                                                                                                                                                                                                        • Opcode ID: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                                                                                                                                                                        • Instruction ID: 68d8ff7817732ac0dd8275009c421e29eb5870de2046e22f9b94a35ba54c9d9f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
                                                                                                                                                                                                                        Function 0045F2C5 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 146windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0045F317
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 0045F380
                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 0045F3C5
                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 0045F42F
                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                                                                                        • String ID: 0$2
                                                                                                                                                                                                                        • API String ID: 3311875123-3793063076
                                                                                                                                                                                                                        • Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                                                                                                                                                                        • Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
                                                                                                                                                                                                                        Function 0043717F Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 46windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe), ref: 0043719E
                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 004371A7
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 004371C0
                                                                                                                                                                                                                        • _printf.LIBCMT ref: 004371EC
                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe, xrefs: 00437189
                                                                                                                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 004371E7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message_printf
                                                                                                                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe
                                                                                                                                                                                                                        • API String ID: 220974073-2606115236
                                                                                                                                                                                                                        • Opcode ID: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                                                                                                                                                                        • Instruction ID: cc9e6972dbc5209964c20f0f7d1f7455a13934f6c555fd98bc0bf92a0502fb90
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7014FB2A543447AE620EB549D06FFB365CABC4B01F444C1EB794A60C0AAF865548BBA
                                                                                                                                                                                                                        Function 00456168 Relevance: 13.7, APIs: 9, Instructions: 181COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                                                                                                                        • Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
                                                                                                                                                                                                                        Function 004534EB Relevance: 13.6, APIs: 9, Instructions: 150filestringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,?,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,004A8E80,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,0040F3D2), ref: 0040FFCA
                                                                                                                                                                                                                          • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0045355E
                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0045358E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 978794511-0
                                                                                                                                                                                                                        • Opcode ID: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                                                                                                                        • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
                                                                                                                                                                                                                        Function 004417BC Relevance: 13.6, APIs: 9, Instructions: 142COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                                                                                                                        • Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
                                                                                                                                                                                                                        Function 00445CF9 Relevance: 13.6, APIs: 9, Instructions: 69sleepkeyboardwindowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
                                                                                                                                                                                                                          • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
                                                                                                                                                                                                                          • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00445D70
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2014098862-0
                                                                                                                                                                                                                        • Opcode ID: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                                                                                                                                                                                                                        • Instruction ID: b085f3065cf9cd100f04f322da00d4b037e108fc79bf5967fdabce1cd6d2e74b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B116971790704B7F620AB958C8AF5A7399EF88B11F20080DF790AB1C1C9F5E4418B7C
                                                                                                                                                                                                                        Function 0045427D Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 259libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc_malloc$_strcat_strlen
                                                                                                                                                                                                                        • String ID: AU3_FreeVar
                                                                                                                                                                                                                        • API String ID: 2184576858-771828931
                                                                                                                                                                                                                        • Opcode ID: 4909a4179154194bbb5ad4651ae7e3d2ad5cecafef5c208f0853367efa8f6917
                                                                                                                                                                                                                        • Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4909a4179154194bbb5ad4651ae7e3d2ad5cecafef5c208f0853367efa8f6917
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
                                                                                                                                                                                                                        Function 0044AA1F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 171networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
                                                                                                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
                                                                                                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
                                                                                                                                                                                                                          • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1291720006-3916222277
                                                                                                                                                                                                                        • Opcode ID: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                                                                                                                        • Instruction ID: 782b6278bf246bef60821ca34847c3ce69a0d92f774604c9678bedd135ce19ea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C51E6B12803016BF320EB65CD85FBBB7A8FB89704F00091EF74196181D7B9A548C76A
                                                                                                                                                                                                                        Function 0046BB59 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 168networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLastselect
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 215497628-2761332787
                                                                                                                                                                                                                        • Opcode ID: 8403caabb69194ab749b3558b6d17cf16ba223cf5fbe2e3d1d341ca8c1bfc534
                                                                                                                                                                                                                        • Instruction ID: a252b81ccbce03d1e7b1b0efababa2c0a0929072778302a7b1202b90a7697d70
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8403caabb69194ab749b3558b6d17cf16ba223cf5fbe2e3d1d341ca8c1bfc534
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF51E4726043005BD320EB65DC42F9BB399EB94324F044A2EF558E7281EB79E944C7AA
                                                                                                                                                                                                                        Function 0047D2F8 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __snwprintf__wcsicoll_wcscpy
                                                                                                                                                                                                                        • String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
                                                                                                                                                                                                                        • API String ID: 1729044348-3708979750
                                                                                                                                                                                                                        • Opcode ID: e5856c69d37335927e932bb259c431c810e65197c095b32473e915812f67d75c
                                                                                                                                                                                                                        • Instruction ID: 823d0c4529048d9f890bbf28e75db1a658c609af9319d28fcdda535ef0d13f31
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5856c69d37335927e932bb259c431c810e65197c095b32473e915812f67d75c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E651A571514300ABD610EF65C882ADFB3A4EFC4348F048D2FF54967291D779E949CBAA
                                                                                                                                                                                                                        Function 0044BBC9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100filestringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,?,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,004A8E80,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,0040F3D2), ref: 0040FFCA
                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0044BC38
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 0044BCAA
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0044BCB7
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0044BCCB
                                                                                                                                                                                                                        • SHFileOperationW.SHELL32 ref: 0044BD16
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                        • API String ID: 2326526234-1173974218
                                                                                                                                                                                                                        • Opcode ID: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
                                                                                                                                                                                                                        • Instruction ID: 9e4979448571685848097db6772507fbfe8bfb8d1337cd0032b1ea927bdad9db
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B3183B14083019AD724EF21C5D5ADFB3E4EFC8304F444D6EB98993251EB39E608D7AA
                                                                                                                                                                                                                        Function 004366BE Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 004366DD
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00436700
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0043670F
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
                                                                                                                                                                                                                        • _wcsrchr.LIBCMT ref: 0043674C
                                                                                                                                                                                                                          • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                                                                                                                                                                        • String ID: \
                                                                                                                                                                                                                        • API String ID: 321622961-2967466578
                                                                                                                                                                                                                        • Opcode ID: 3d3187412736f1559758a6cd6e40f0a594bd5d43c4c9ea1cccac3023e941b0f8
                                                                                                                                                                                                                        • Instruction ID: 68cadaa88695c7c006562ade17844284f7fc34f8e7e15af3b97584e331f528d6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d3187412736f1559758a6cd6e40f0a594bd5d43c4c9ea1cccac3023e941b0f8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C2148765003017ADB20A724EC47AFF33989F95764F90993EFD14D6281E779950882AE
                                                                                                                                                                                                                        Function 0044C80C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 83COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                        • API String ID: 1038674560-2734436370
                                                                                                                                                                                                                        • Opcode ID: dc7e98e38d8725b7134af3b864f32bf76aed1b78794146943df9d66deb8fb3e7
                                                                                                                                                                                                                        • Instruction ID: f72ce1d64a5a3b865947b719243e4701f1ba8c8209579f194a7ae3ad15c73224
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc7e98e38d8725b7134af3b864f32bf76aed1b78794146943df9d66deb8fb3e7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B21F87261161067E730B659DCC2BDB63985F65305F04406BF800AA247D6ADA98A83AA
                                                                                                                                                                                                                        Function 00441561 Relevance: 12.1, APIs: 8, Instructions: 101windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0044157D
                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00441585
                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0044159B
                                                                                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                                                                                                        • Opcode ID: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
                                                                                                                                                                                                                        • Instruction ID: 4e191e68d33858d232da06d8f8bca50b2e2c885119a5133d865ec5329e905ca2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1531C172240344BBE7208B14CD49FAB77EDEB88B15F08450DFB44AA2D1DAB4ED808B64
                                                                                                                                                                                                                        Function 00401230 Relevance: 12.1, APIs: 8, Instructions: 83windowtimeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00401257
                                                                                                                                                                                                                          • Part of subcall function 00401BE0: _memset.LIBCMT ref: 00401C62
                                                                                                                                                                                                                          • Part of subcall function 00401BE0: _wcsncpy.LIBCMT ref: 00401CA1
                                                                                                                                                                                                                          • Part of subcall function 00401BE0: _wcscpy.LIBCMT ref: 00401CBD
                                                                                                                                                                                                                          • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                                                                                                                                                                        • KillTimer.USER32(?,?), ref: 004012B0
                                                                                                                                                                                                                        • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1792922140-0
                                                                                                                                                                                                                        • Opcode ID: 91f47cbc1f218a7f09512ea68bd6b482f011e20e77652f43937312b7b91c0350
                                                                                                                                                                                                                        • Instruction ID: 78dbdb20408675f5dda5a176dd8a03fc230073daf987e80dd157250a536ae6f7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91f47cbc1f218a7f09512ea68bd6b482f011e20e77652f43937312b7b91c0350
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56319670609642BFD319CB24D544B9BFBE8BF85304F04856EF488A3251C7789A19D7AB
                                                                                                                                                                                                                        Function 004140DB Relevance: 12.0, APIs: 8, Instructions: 42threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___set_flsgetvalue.LIBCMT ref: 004140E1
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                        • ___fls_getvalue@4.LIBCMT ref: 004140EC
                                                                                                                                                                                                                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                        • ___fls_setvalue@8.LIBCMT ref: 004140FF
                                                                                                                                                                                                                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                                                                                                                                                                                                                        • ExitThread.KERNEL32 ref: 0041410F
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                                                                                                                                                                        • __freefls@4.LIBCMT ref: 00414135
                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1925773019-0
                                                                                                                                                                                                                        • Opcode ID: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                                                                                                                                                                                                                        • Instruction ID: d0499dd1a11a7aa3f5f6b81cdb2be0183561266298d4129ec5ef95b8f2f1ff50
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12018430000200ABC704BFB2DD0D9DE7BA9AF95345722886EF90497212DA3CC9C28B5C
                                                                                                                                                                                                                        Function 004357AD Relevance: 12.0, APIs: 8, Instructions: 36COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000038), ref: 004357C3
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000058), ref: 004357C9
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000068), ref: 004357CF
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000078), ref: 004357D5
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000088), ref: 004357DE
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000048), ref: 004357E4
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000098), ref: 004357ED
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(000000A8), ref: 004357F6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                                                                                        • Opcode ID: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                                                                                                                                                                                                                        • Instruction ID: 4669651a97e20320d925a323ac357da1b1419afffb7c9eb93274aad60c959a81
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BDF03CB6400B446AC235EB79DC40BD7B7E86F89200F018E1DE58783514DA78F588CB64
                                                                                                                                                                                                                        Function 00464A0E Relevance: 10.8, APIs: 7, Instructions: 281networkmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WSAStartup.WSOCK32(00000101,?,?), ref: 00464ADE
                                                                                                                                                                                                                          • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                                                                                                                        • inet_addr.WSOCK32(?,00000000,?,?,00000101,?,?), ref: 00464B1F
                                                                                                                                                                                                                        • gethostbyname.WSOCK32(?,?,00000000,?,?,00000101,?,?), ref: 00464B29
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00464B92
                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00464CDE
                                                                                                                                                                                                                        • WSACleanup.WSOCK32 ref: 00464CE4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memsetgethostbynameinet_addr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3424476444-0
                                                                                                                                                                                                                        • Opcode ID: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                                                                                                                                                                                                                        • Instruction ID: 8d90feaebe95447676150adcea4a136074f650e12d33839f26a9dde16614cdb7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3A17EB1504300AFD710EF65C982F9BB7E8AFC8714F54491EF64497381E778E9058B9A
                                                                                                                                                                                                                        Function 00440B39 Relevance: 10.8, APIs: 7, Instructions: 261COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00440B7B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MetricsSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4116985748-0
                                                                                                                                                                                                                        • Opcode ID: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                                                                                                                        • Instruction ID: 1e23dbab6d9439f1299be2c39bdf7de0481ead398f869a6d5eaf0ea33fa99bdf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8EA19C70608701DBE314CF68C984B6BBBE1FB88704F14491EFA8593251E778F965CB5A
                                                                                                                                                                                                                        Function 0046AB70 Relevance: 10.8, APIs: 7, Instructions: 260registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConnectRegistry_wcslen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 535477410-0
                                                                                                                                                                                                                        • Opcode ID: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                                                                                                                        • Instruction ID: 71109d01e6e71572d3d886d5d9f1e4ab699fb1be984f768d753da2f0a00da466
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBA18EB1204300AFC710EF65C885B1BB7E4BF85704F14896EF685AB292D779E905CB9B
                                                                                                                                                                                                                        Function 0045377F Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 004538C4
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?), ref: 004538EF
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00453960
                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
                                                                                                                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ItemMenu$Info_wcslen$Default_memset_wcscpy
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 3530711334-4108050209
                                                                                                                                                                                                                        • Opcode ID: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                                                                                                                                                                                                                        • Instruction ID: 97d09e0af2b4d046480d7fb626e7fa0667c22e7462995616ff61acde959b3bac
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 747118F15083015AD714DF65C881B6BB7E4EB98396F04491FFD8082292D7BCDA4CC7AA
                                                                                                                                                                                                                        Function 0047395A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?), ref: 00473A00
                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
                                                                                                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 3488606520-2761332787
                                                                                                                                                                                                                        • Opcode ID: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                                                                                                                        • Instruction ID: 2161edc7e7eefe464b48455ffcea7dd3157e2cbe85e131cccd8837112284b0a3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3581BF71A043019FD320EF69C882B5BF7E4AF84744F108C2EF598AB392D675E945CB96
                                                                                                                                                                                                                        Function 004472C8 Relevance: 10.7, APIs: 7, Instructions: 207COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                        • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                                                                                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                                                                                                                        • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                                                                                                                        • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                                                                                                                        • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                                                                                                                        • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                                                                                                                        • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4082120231-0
                                                                                                                                                                                                                        • Opcode ID: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                                                                                                                        • Instruction ID: e2e17d079c8faeb919f1a119f9aa9df975eabc7d00289576b12f70c1741c819b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC713AB11083419FD300DF15C884E6BBBE9EFC9708F148A1EF99497351D778A906CBAA
                                                                                                                                                                                                                        Function 00447303 Relevance: 10.7, APIs: 7, Instructions: 192COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                        • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                                                                                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                                                                                                                        • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                                                                                                                        • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                                                                                                                        • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                                                                                                                        • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                                                                                                                        • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4082120231-0
                                                                                                                                                                                                                        • Opcode ID: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                                                                                                                                                                                                                        • Instruction ID: 71053adf7dd607ae91079c2ca5de7ffea4483cc305881a9741cc2e8bc8d6f2cf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55613BB51083419FD300DF55CC84E6BBBE9EBC9308F148A1EF99597351D738A906CB6A
                                                                                                                                                                                                                        Function 0044733D Relevance: 10.7, APIs: 7, Instructions: 177COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AngleCloseEllipseFigureLineMovePixelRectangle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 288456094-0
                                                                                                                                                                                                                        • Opcode ID: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                                                                                                                                                                                                                        • Instruction ID: d3db7697bfba14f4a3ad6627a8a5faa1010559558ae5e3f89cc6b0bd66950af4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90514BB51082419FD300DF15CC84E6BBBE9EFC9308F14891EF99497351D734A906CB6A
                                                                                                                                                                                                                        Function 0044496C Relevance: 10.7, APIs: 7, Instructions: 164windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 004449B0
                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 004449C3
                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00444A0F
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                        • Opcode ID: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                                                                                                                                                                                                                        • Instruction ID: 19c159416ad4887e81d4090d30fbb5c505c675cee05c330e2fd8e115592bd25d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B651C5A05487D139F7369234884ABA7BFD55F8A304F08CA4EF1E5156C3D2ECE984C769
                                                                                                                                                                                                                        Function 00444B65 Relevance: 10.7, APIs: 7, Instructions: 164windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00444BA9
                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00444BBC
                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00444C08
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                        • Opcode ID: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                                                                                                                                                                        • Instruction ID: 4493abccadab05ae7d00f733e1fa63583af0c494729619d74f1516a50adc8d80
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A951E4F05097D139F7369364884ABA7BFE46F8A304F088A4EF1D5065C2D2ACE984C769
                                                                                                                                                                                                                        Function 004498BD Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                                                                                                                                                                                                                        • Instruction ID: b3b3da583a0ae8cfa3180eda0e634cae40a493ebdfd517dbec9d2fd4fbd82cb1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E513A315082909FE321CF14DC89FABBB64FB46320F18456FF895AB2D1D7649C06D7AA
                                                                                                                                                                                                                        Function 0046A98D Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 158registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConnectRegistry_wcslen
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 535477410-2761332787
                                                                                                                                                                                                                        • Opcode ID: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                                                                                                                                                                                                                        • Instruction ID: 7b41397762752e7dec08e47bcdb2cb2f58790b6f4670524580eb9da3090621e6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2516D71208301AFD304EF65C981F5BB7A9BFC4704F40892EF685A7291D678E905CB6B
                                                                                                                                                                                                                        Function 00457C08 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00457C34
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 00457CE8
                                                                                                                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00457D34
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00457DDD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _memset$CloseExecuteHandleShell_wcscpy_wcslen
                                                                                                                                                                                                                        • String ID: <$@
                                                                                                                                                                                                                        • API String ID: 1325244542-1426351568
                                                                                                                                                                                                                        • Opcode ID: 669f3797eafbd6ea24f738bceaf78c3ad3f6bdf3b3f8ec2a74c9f7251b65f49f
                                                                                                                                                                                                                        • Instruction ID: 09e461bdfc47c8bdd671eddb31188d347eda7c51057725e13e77015b5001baed
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 669f3797eafbd6ea24f738bceaf78c3ad3f6bdf3b3f8ec2a74c9f7251b65f49f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA510FB55083009FC710EF61D985A5BB7E4AF84709F00492EFD44AB392DB39ED48CB9A
                                                                                                                                                                                                                        Function 0047375F Relevance: 10.6, APIs: 7, Instructions: 150processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 004737E1
                                                                                                                                                                                                                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                        • _wcscat.LIBCMT ref: 004737F6
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00473818
                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00473844
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2547909840-0
                                                                                                                                                                                                                        • Opcode ID: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                                                                                                                                                                        • Instruction ID: 8efa427203ffd7a45d167e3a64f6abf3f3640219bb0751621114887cb14f0fc1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4751BB71544304A7D720EF61CC86FDBB3E8AF84748F00492EF58957182E775E645C7AA
                                                                                                                                                                                                                        Function 00455297 Relevance: 10.6, APIs: 7, Instructions: 149windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                                                                                                                                                                                                                        • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2354583917-0
                                                                                                                                                                                                                        • Opcode ID: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                                                                                                                        • Instruction ID: 19c5dc8500d05a42ca126c51664c70dafe1d1a8ca3b523478e8997b137d6e309
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77519D30204A419FC714DF24C4A4B7A77E5FB49301F4486AEFD9ACB392DB78A849CB54
                                                                                                                                                                                                                        Function 00463D7E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 00463ECE
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                        • String ID: #v
                                                                                                                                                                                                                        • API String ID: 2449869053-554117064
                                                                                                                                                                                                                        • Opcode ID: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                                                                                                                        • Instruction ID: 5a5949aabc30296464acd143044f95cbdcafad8a77d2d24e7d672d776762960f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9051C1752043409FC300EF25C881A5BB7A4FF89305F00456EF945A73A2DB79EE45CBAA
                                                                                                                                                                                                                        Function 0047762A Relevance: 10.6, APIs: 7, Instructions: 140windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                        • GetMenu.USER32 ref: 004776AA
                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 004776CC
                                                                                                                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0047771A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$CountItemStringWindow_wcslen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1823500076-0
                                                                                                                                                                                                                        • Opcode ID: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
                                                                                                                                                                                                                        • Instruction ID: 4b9e656becebfc5f52f27a1d7ad2c07a58398098864d75d3a5ce1c02cc274359
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 174117715083019FD320EF25CC45BABB3E8BF88314F10492EF55997252D7B8E9458BA9
                                                                                                                                                                                                                        Function 00448877 Relevance: 10.6, APIs: 7, Instructions: 130windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Enable$Show$MessageMoveSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 896007046-0
                                                                                                                                                                                                                        • Opcode ID: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
                                                                                                                                                                                                                        • Instruction ID: 0809a8548e22334437b8974569d6adfa08582830463fbdb99c3481629354d751
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63419E746043419FF7248B24C884B6FB7A1FB99305F18886EF98197391DA78A845CB59
                                                                                                                                                                                                                        Function 004413F0 Relevance: 10.6, APIs: 7, Instructions: 114windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                                                                                                                        • SendMessageW.USER32(03121C98,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                                                                                                                        • SendMessageW.USER32(03121C98,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 312131281-0
                                                                                                                                                                                                                        • Opcode ID: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
                                                                                                                                                                                                                        • Instruction ID: f6a862a32ccfd92e4f153a1965fa7dc80102ffdb8abe4b8a046001f82176c48d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F416A347442019FE720CF58DCC4F6A77A5FB8A754F24416AE5519B3B1CB75AC82CB48
                                                                                                                                                                                                                        Function 0044849C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 106windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 004484C4
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 0044857B
                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 004485E4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 3866635326-4108050209
                                                                                                                                                                                                                        • Opcode ID: 42a201a1e731261e29c9ff9b40de176b55a78da0b06957c9f64dc5096dc7767a
                                                                                                                                                                                                                        • Instruction ID: c1b4c65bd9dbf201e14e83578cc8030a3c247867dd5f1e451e409e2153a24926
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42a201a1e731261e29c9ff9b40de176b55a78da0b06957c9f64dc5096dc7767a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F417F75604341AFE710CF45C984B6BB7E4FB89304F14881EFA554B391DBB4E849CB5A
                                                                                                                                                                                                                        Function 0047244D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32 ref: 0047247C
                                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00472499
                                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
                                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Interlocked$DecrementIncrement$Sleep
                                                                                                                                                                                                                        • String ID: 0vH
                                                                                                                                                                                                                        • API String ID: 327565842-3662162768
                                                                                                                                                                                                                        • Opcode ID: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                                                                                                                                                                                                                        • Instruction ID: 7246262c18bb701d5349304b0e2d21290bf7c9637501dd5a114e6955e8e78370
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9631D2329082259BD710DF28DD41A8A77A5EB95324F05483EFD08FB251DB78EC498BED
                                                                                                                                                                                                                        Function 00448AFF Relevance: 10.6, APIs: 7, Instructions: 98windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
                                                                                                                                                                                                                        • GetFocus.USER32 ref: 00448B1C
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Enable$Show$FocusMessageSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3429747543-0
                                                                                                                                                                                                                        • Opcode ID: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                                                                                                                        • Instruction ID: 96ed947056310062a3fa6d2350adc65d304252fdbf70c479ab88671ed4e09c2c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC31B4706443819BF7248E14C8C4BAFB7D0EB95745F04492EF981A6291DBA89845C719
                                                                                                                                                                                                                        Function 0045D321 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D32F
                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 0045D3CC
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                                                                        • String ID: %lu$HH
                                                                                                                                                                                                                        • API String ID: 3164766367-3924996404
                                                                                                                                                                                                                        • Opcode ID: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                                                                                                                        • Instruction ID: e4de0c6df68350460ad5232616e5185c9d799459bd1b640414cfcbd8d86849a8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85314A716083019BC310EF55D941A5BB7E4FF88704F40892EFA4597292D774EA09CB9A
                                                                                                                                                                                                                        Function 00450DB4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450E24
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450E35
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450E43
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450E54
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450E62
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                                                                                        • API String ID: 3850602802-3636473452
                                                                                                                                                                                                                        • Opcode ID: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                                                                                                                                                                                                                        • Instruction ID: b51c377fab27852337593a8f268aff884918310fa347e0537580fa9f3b853d23
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C2121712543007AE7209A65DC42F5BB3E9AFD8B24F214A0EF754B72D1C6B4F8418B58
                                                                                                                                                                                                                        Function 00455449 Relevance: 10.6, APIs: 7, Instructions: 75windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00455451
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0045545F
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3985565216-0
                                                                                                                                                                                                                        • Opcode ID: dc022e11ae60a508d3fee16e2099accab07c71a042b18f60c16d9d094d7ead98
                                                                                                                                                                                                                        • Instruction ID: 02eb1b45cc7e926b76574f27881fb1e8d9d372094f4d7b34cf8607babd6cb63d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc022e11ae60a508d3fee16e2099accab07c71a042b18f60c16d9d094d7ead98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA213270200A019FCB20DF65CAD4B2A77A9BF45312F50855EED45CB352DB39EC45CB69
                                                                                                                                                                                                                        Function 00415702 Relevance: 10.6, APIs: 7, Instructions: 74threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___set_flsgetvalue.LIBCMT ref: 00415737
                                                                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00415743
                                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00415750
                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
                                                                                                                                                                                                                        • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415791
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 004157A9
                                                                                                                                                                                                                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1269668773-0
                                                                                                                                                                                                                        • Opcode ID: 0d7b65c6ab38dbefdfd62d93c8bf275ac45e934a4136d591895be9c5171332a1
                                                                                                                                                                                                                        • Instruction ID: 083f1b3d72dc2b4e3073d7627409da2efaae6cca9fbdfa2eb2c15b7cb2a145f7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d7b65c6ab38dbefdfd62d93c8bf275ac45e934a4136d591895be9c5171332a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4511E672501604EFC720AF76DC868DF7BA4EF80334F21412FF525922D1DB788981966D
                                                                                                                                                                                                                        Function 00439102 Relevance: 10.5, APIs: 7, Instructions: 46threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                                                                                                                                                                                                                          • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1957940570-0
                                                                                                                                                                                                                        • Opcode ID: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                                                                                                                        • Instruction ID: b388a4287fabc35bf2088fa38ebc9459a42e34e8a642192e1b63b89709cb9be3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF0CD753413007BD220EB65DC86F5BB7A8EBC9B10F118919F6049B1D1C6B4A800CB65
                                                                                                                                                                                                                        Function 0041568B Relevance: 10.5, APIs: 7, Instructions: 37threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                        • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                                                                                                                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                        • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                                                                                                                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                                                                                                                        • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                                                                                                                        • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4166825349-0
                                                                                                                                                                                                                        • Opcode ID: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
                                                                                                                                                                                                                        • Instruction ID: 1015f584654e325efa3cacb901eba7c9ae2b5aefa54885f90b4e6d99173acdac
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14F049745007009BD704BF72DD159DE7B69AF85345761C85FB80897222DA3DC9C1CB9C
                                                                                                                                                                                                                        Function 00434124 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
                                                                                                                                                                                                                        • API String ID: 2574300362-3261711971
                                                                                                                                                                                                                        • Opcode ID: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
                                                                                                                                                                                                                        • Instruction ID: cb82693085896f9455b4638215a98dd7e3cb824177552166877179ce6000b7c2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8D05EB0400B039FCB105F24D8086AB76F4EB68700F208C2EF989A3750C7B8E8C0CB68
                                                                                                                                                                                                                        Function 0047B1D0 Relevance: 9.5, APIs: 6, Instructions: 489COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
                                                                                                                                                                                                                        • Instruction ID: be39947db1ffbcb7075193c31d102fc15fe4f6af8d23ce90efbce3d2b6a77a88
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4BF16D71108740AFD210DB59C880EABB7F9EFCA744F10891EF69983261D735AC45CBAA
                                                                                                                                                                                                                        Function 004336C7 Relevance: 9.3, APIs: 6, Instructions: 253COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00433724
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00433757
                                                                                                                                                                                                                        • GetClientRect.USER32(0000001D,?), ref: 004337AC
                                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00433800
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00433814
                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00433842
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3220332590-0
                                                                                                                                                                                                                        • Opcode ID: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
                                                                                                                                                                                                                        • Instruction ID: 40e56d112be44df416332e5c874318f33691c6b0c201ea6c9f9086adb5117cf0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9A126B42147028AC324CF68C5847ABBBF1FF98715F04991EE9D983360E775E908CB5A
                                                                                                                                                                                                                        Function 00457838 Relevance: 9.2, APIs: 6, Instructions: 176COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1612042205-0
                                                                                                                                                                                                                        • Opcode ID: de2929fcda50375e6e5cb9f1075b8832783a078aa1feca3c1cc6154b42d84a61
                                                                                                                                                                                                                        • Instruction ID: 39b6431fb86a1cae222df6ecce28f21653e085caad8de22f1e35678e4483a9b6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de2929fcda50375e6e5cb9f1075b8832783a078aa1feca3c1cc6154b42d84a61
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD613B70504202EFCB10EF29D58096AB3E5FF48305B50496EF8859B306D738EE59DB9A
                                                                                                                                                                                                                        Function 0044C522 Relevance: 9.2, APIs: 6, Instructions: 155windowkeyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 0044C59B
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                                                                                                                                                                                                                        • SendInput.USER32 ref: 0044C6E2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$InputSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2221674350-0
                                                                                                                                                                                                                        • Opcode ID: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                                                                                                                                                                                                                        • Instruction ID: 3a634557d1668dba9f4fbb3ffee1259adddcddb7f3fce46f2ce6721246940f3b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A24148725053486AF760EF209C80BFFBB98EF95324F04151FFDC412281D66E984987BA
                                                                                                                                                                                                                        Function 00445153 Relevance: 9.1, APIs: 6, Instructions: 142COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcscpy$_wcscat
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2037614760-0
                                                                                                                                                                                                                        • Opcode ID: f99e136c889cacb8689bc9f00eee4ad51686cf745bff212a4790763dd87d00cb
                                                                                                                                                                                                                        • Instruction ID: 871aa96d6b0d5f43eceffdadd72b032f7becd6ba50fbda5e2bca5dd503650597
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f99e136c889cacb8689bc9f00eee4ad51686cf745bff212a4790763dd87d00cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D41BD31901A256BDE317F55D880BBB7358DFA1314F84006FF98247313EA6E5892C6BE
                                                                                                                                                                                                                        Function 00447B66 Relevance: 9.1, APIs: 6, Instructions: 119COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                                                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                                                                                                                        • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4189319755-0
                                                                                                                                                                                                                        • Opcode ID: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
                                                                                                                                                                                                                        • Instruction ID: de699fe3e67e71f806f86ee7feca1bcffcb0489daa19151882f3061068cc4b26
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D14182705043019FE320DF15C8C8F7B7BA8EB89724F04466EF9548B391DB74A846CB69
                                                                                                                                                                                                                        Function 0044B474 Relevance: 9.1, APIs: 6, Instructions: 113fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1726766782-0
                                                                                                                                                                                                                        • Opcode ID: 16d5c57b5e53c2061fc4ac4ded6e87df9b6247511e9ffc13c2dfc8627616166f
                                                                                                                                                                                                                        • Instruction ID: bf52b5dc2e344941501510e432fc863898df75637e45487ca8cd05157db66b41
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16d5c57b5e53c2061fc4ac4ded6e87df9b6247511e9ffc13c2dfc8627616166f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09415C75104701AFD320EF26D845EABB3F8EF88708F008E2DF59A92650D774E945CB6A
                                                                                                                                                                                                                        Function 00441077 Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 0044111A
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 004411B3
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 642888154-0
                                                                                                                                                                                                                        • Opcode ID: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
                                                                                                                                                                                                                        • Instruction ID: 824eeaafe1f931a994963cd163acc5b0ce47b26168a6fd4ee38d593e4569daee
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14417770604245DFE725CF14C984FA6B7E5BF89300F1886AEE6859B3B2CB74A881CB55
                                                                                                                                                                                                                        Function 00449063 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
                                                                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow$InvalidateRect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1976402638-0
                                                                                                                                                                                                                        • Opcode ID: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
                                                                                                                                                                                                                        • Instruction ID: 8b80d2acd15126bdfc8b54909556444574c0e56a9806921f1e0b477f33817628
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F231B476244202AFF224DF04DC89FBBB7A9F785321F14492EF291973D0CA75AC469729
                                                                                                                                                                                                                        Function 00442582 Relevance: 9.1, APIs: 6, Instructions: 104COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00442597
                                                                                                                                                                                                                          • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 004425BF
                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 004425C6
                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
                                                                                                                                                                                                                          • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00442624
                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4137160315-0
                                                                                                                                                                                                                        • Opcode ID: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                                                                                                                                                                                                                        • Instruction ID: 1581b522c3ee05a339ffa1fd07f9e8cd23967deed6539873686ea33d82c69dd2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C31C1B2104306ABD310DF54CD85E6BB7E9FB98304F004A2EF94597281E675E9058BA6
                                                                                                                                                                                                                        Function 00448851 Relevance: 9.1, APIs: 6, Instructions: 92windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Enable$Show$MessageSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1871949834-0
                                                                                                                                                                                                                        • Opcode ID: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
                                                                                                                                                                                                                        • Instruction ID: fbfed122d4da650e42f877d7e8bff2bfe9b33138fa51555fe8345b8bcc16d821
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A731F3B07443819BF7248E14C8C4BAFB7D0AB95345F08482EF981A63D1DBAC9846872A
                                                                                                                                                                                                                        Function 00449606 Relevance: 9.1, APIs: 6, Instructions: 91windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0044961A
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 0044964A
                                                                                                                                                                                                                          • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 004496BA
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 004496C7
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,?), ref: 004496FD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen$_memset_wcspbrk
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1624073603-0
                                                                                                                                                                                                                        • Opcode ID: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
                                                                                                                                                                                                                        • Instruction ID: 7e49a266cf7116299f7bc8659d1ce07b00adedb8b3f1b428e1954e4b11147a1e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B631CA71508300AAE720DF15DC81BEBB7D4EBD4720F504A1FFA54862D0EBBAD945C7A6
                                                                                                                                                                                                                        Function 004416D1 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
                                                                                                                                                                                                                        • Instruction ID: 0263b137e1f68684b0dae4bb7f633391a2f723f0f4072b7ce39308acd6c8c458
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31219272245110ABE7108B68DCC4B6F7798EB96374F240A3AF512C61E1EA7998C1C769
                                                                                                                                                                                                                        Function 0045552E Relevance: 9.1, APIs: 6, Instructions: 78windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DestroyWindow$DeleteObject$IconMove
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1640429340-0
                                                                                                                                                                                                                        • Opcode ID: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
                                                                                                                                                                                                                        • Instruction ID: 2ee25f48dcb0ad8048bc4d9c922f6cac320a9d705fdb810e808868a6102f62dc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05312770200A419FD724DF24C998B3A73F9FB44312F4485AAE945CB266E778EC49CB69
                                                                                                                                                                                                                        Function 00467E5E Relevance: 9.1, APIs: 6, Instructions: 78COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __fileno__setmode$DebugOutputString_fprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3354276064-0
                                                                                                                                                                                                                        • Opcode ID: 44da5cbe136b9a97bfd5e2050e6700f1212f0f901edc4668462b95a159366457
                                                                                                                                                                                                                        • Instruction ID: 1e9a75ed7ce68f0ee686932f25d41d1f14ae1a91d469003489e3a0780bce169f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44da5cbe136b9a97bfd5e2050e6700f1212f0f901edc4668462b95a159366457
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D11F3B2D0830136D500BA366C02AAF7A5C4A91B5CF44056EFD4563293EA2DAA4943FF
                                                                                                                                                                                                                        Function 00455080 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 752480666-0
                                                                                                                                                                                                                        • Opcode ID: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
                                                                                                                                                                                                                        • Instruction ID: bf467a0aa8f060071afd9cdae546a2eb92d9c059e8a57ac1e588bb5f3fc3a395
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26215E30200A019FC724DF24D5E8B7AB7A9FB44312F50855EED498B392CB39EC89CB59
                                                                                                                                                                                                                        Function 00455212 Relevance: 9.1, APIs: 6, Instructions: 72windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 0045527A
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0045528C
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3275902921-0
                                                                                                                                                                                                                        • Opcode ID: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
                                                                                                                                                                                                                        • Instruction ID: c357af2a313eda44c34a26cb015c973203dd8f66e4d80e74dc1abfaeb9ce60f9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D217E70604A019BC714DF79D99466AB7A5BF44311F40856EF919CB342DB38E849CF68
                                                                                                                                                                                                                        Function 00439326 Relevance: 9.1, APIs: 6, Instructions: 72processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
                                                                                                                                                                                                                        • CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
                                                                                                                                                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
                                                                                                                                                                                                                        • DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1413079979-0
                                                                                                                                                                                                                        • Opcode ID: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
                                                                                                                                                                                                                        • Instruction ID: 8c652321442b38080740e7d333ba663a52d3460857ef2618669649d87ea194c0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B2150B2208300ABD314CB65D854EABB7EDEBCD754F084E1DF989A3250C7B4E901CB25
                                                                                                                                                                                                                        Function 0041415E Relevance: 9.1, APIs: 6, Instructions: 71threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___set_flsgetvalue.LIBCMT ref: 0041418F
                                                                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 0041419B
                                                                                                                                                                                                                        • __getptd.LIBCMT ref: 004141A8
                                                                                                                                                                                                                        • CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00414201
                                                                                                                                                                                                                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1803633139-0
                                                                                                                                                                                                                        • Opcode ID: 375e199de8660ccece12c72eed21f404e356b520747db73c6127e63f80a42fd2
                                                                                                                                                                                                                        • Instruction ID: ec3febacf030228bba34671a5a373aa86179f0c9a00f1e1343e4adce14cbcb36
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 375e199de8660ccece12c72eed21f404e356b520747db73c6127e63f80a42fd2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1311DD72504209BFCB10AFA5DC828DF7BA8EF44368B20446EF50193151EB39C9C18A68
                                                                                                                                                                                                                        Function 004555E0 Relevance: 9.1, APIs: 6, Instructions: 67windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 004555E8
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3275902921-0
                                                                                                                                                                                                                        • Opcode ID: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                                                                                                                                                                                                                        • Instruction ID: 9e206caaed87a4944845468030bda76e3f946505fe2e652cce1cc100bc4c7c20
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE2141702006409FCB25DF25C994A2B77A9FF44312F80856EED49CB352DB39EC4ACB59
                                                                                                                                                                                                                        Function 004554C0 Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 004554DF
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyMessageObjectSend$IconWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3691411573-0
                                                                                                                                                                                                                        • Opcode ID: ffc9a8f4f75f6e2ff6fdc7cc9300f0c908ecc9e004d580c3573be367ed75df53
                                                                                                                                                                                                                        • Instruction ID: ead105b7aa3a144aa2df3f4c31681f961a0d6b706109639263d1a652a664e8ec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffc9a8f4f75f6e2ff6fdc7cc9300f0c908ecc9e004d580c3573be367ed75df53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5118F713046419BDB10DF68DD88A2A77A8FB58322F404A2AFE14DB2D1D775DC498B68
                                                                                                                                                                                                                        Function 0043609C Relevance: 9.1, APIs: 6, Instructions: 59COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen$_wcstok$ExtentPoint32Text
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1814673581-0
                                                                                                                                                                                                                        • Opcode ID: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
                                                                                                                                                                                                                        • Instruction ID: 25d714350c6a951fb861184d208c8546153e966ae5ec0a2422e5c8358eb53325
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F60125B19053126BC6209F95DC42B5BB7E8EF45760F11842AFD04E3340D7F8E84483EA
                                                                                                                                                                                                                        Function 00436272 Relevance: 9.1, APIs: 6, Instructions: 59sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
                                                                                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                                                                                                        • Opcode ID: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
                                                                                                                                                                                                                        • Instruction ID: c21ea81f2c38402705b15ef58ab4919efdb6e4f3ef0ac894e378511a69de5cf2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C411D031909306ABC700EF19DA8499FB7E4FFCCB11F828D2DF98592210D734C9498B96
                                                                                                                                                                                                                        Function 004471EC Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
                                                                                                                                                                                                                        • LineTo.GDI32(?,?,?), ref: 00447227
                                                                                                                                                                                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
                                                                                                                                                                                                                        • LineTo.GDI32(?,?,?), ref: 0044723D
                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 0044724E
                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 0044725C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 372113273-0
                                                                                                                                                                                                                        • Opcode ID: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
                                                                                                                                                                                                                        • Instruction ID: cf4011081099dc8586e946db52605055ec0608de7db987eb6b7af15cf0be2a5d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7018F36105264BBE2119750EC4AF9FBBACEF8A710F14451DF70156191C7F42A0587BD
                                                                                                                                                                                                                        Function 00410940 Relevance: 9.0, APIs: 6, Instructions: 49keyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Virtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4278518827-0
                                                                                                                                                                                                                        • Opcode ID: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
                                                                                                                                                                                                                        • Instruction ID: 14dd698fb88c41d3cb2937c08abaa7ad6cdafd80764dd657d9f2199fb51feb0a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52112A6118ABC4ADD3329F694854A87FFE45FB6304F484A8ED1D607A43C195A60CCBBA
                                                                                                                                                                                                                        Function 0044CBD3 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0044CBEF
                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CapsDevice$Release
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1035833867-0
                                                                                                                                                                                                                        • Opcode ID: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
                                                                                                                                                                                                                        • Instruction ID: 50bf861fd692b93b916a63282857a41227f0dfa19545bc4f0a59f576ae553c11
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 560184B1641314BFF6009BA1DC4AF1BBB9CEF55755F01842EFF44A7241D6B098008BA9
                                                                                                                                                                                                                        Function 0044B64F Relevance: 9.0, APIs: 6, Instructions: 40synchronizationthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
                                                                                                                                                                                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
                                                                                                                                                                                                                          • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3495660284-0
                                                                                                                                                                                                                        • Opcode ID: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
                                                                                                                                                                                                                        • Instruction ID: 3e278a896620ffa5fdfd5bcc44ba61fc9bc9ab212b345b13b81bb6ec37c91fca
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3F0F672141206BBD210AB24EE89DBFB37CFF44315F41096AF60142550CB75F811CBBA
                                                                                                                                                                                                                        Function 00437118 Relevance: 9.0, APIs: 6, Instructions: 37windowtimethreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00437150
                                                                                                                                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00437174
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 839392675-0
                                                                                                                                                                                                                        • Opcode ID: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
                                                                                                                                                                                                                        • Instruction ID: 38550948ec006cf47bed7574f40cc63f5aae242ba43c895826076912260f23cd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37F054352813117BE6215B109E4EFEF37A8AF49F02F104828FB41B51D0E7E469458BAE
                                                                                                                                                                                                                        Function 0043604B Relevance: 9.0, APIs: 6, Instructions: 33serviceCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,00000004), ref: 00436055
                                                                                                                                                                                                                        • LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
                                                                                                                                                                                                                        • UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
                                                                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00436081
                                                                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1690418490-0
                                                                                                                                                                                                                        • Opcode ID: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
                                                                                                                                                                                                                        • Instruction ID: 156e5f382d75df54ba3c5c30185d6bb62b1a9e6e0194ec4ef6b9e4a62dbea0b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BE0E5319821216BC6231B30AE4DBCF3B99DB1F311F041827F701D2250CB998404DBA8
                                                                                                                                                                                                                        Function 00475ACA Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 237comCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00475B71
                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00475D71
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                        • String ID: .lnk$HH
                                                                                                                                                                                                                        • API String ID: 886957087-3121654589
                                                                                                                                                                                                                        • Opcode ID: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
                                                                                                                                                                                                                        • Instruction ID: f4d7caca580305710a2a5ca379fd8543151c5613ecc12b631d1ff665410dc3a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0819D75604300AFD310EF65CC82F5AB3A9EF88704F50892DF658AF2D2D6B5E905CB99
                                                                                                                                                                                                                        Function 0045F132 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 1173514356-4108050209
                                                                                                                                                                                                                        • Opcode ID: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
                                                                                                                                                                                                                        • Instruction ID: b3a4179b3c174fb1a3aa0d908437eb3f68f1f523a6631853a4ee88e897a1c7ed
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31418CB55043019BD710CF19C884B5BBBE5AFC5324F148A6EFCA49B282C375E809CBA6
                                                                                                                                                                                                                        Function 00437CA6 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 107libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 00437CB2
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                        • String ID: AU3_GetPluginDetails$#v
                                                                                                                                                                                                                        • API String ID: 145871493-3662034293
                                                                                                                                                                                                                        • Opcode ID: 4d29db7c409dc1d8665f13fcd2a771d904d38d92e5d57695c8085be3ce6f429e
                                                                                                                                                                                                                        • Instruction ID: 909018a8305b4cb0ce841e730e5bf8c258fddf5044228ae68d4d210ccee2088c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d29db7c409dc1d8665f13fcd2a771d904d38d92e5d57695c8085be3ce6f429e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 054147B96042019FC314DF68D8C4D5AF3E5FF8D304B20866EE9568B751DB35E802CB96
                                                                                                                                                                                                                        Function 004692E4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 98windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
                                                                                                                                                                                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                        • API String ID: 763830540-1403004172
                                                                                                                                                                                                                        • Opcode ID: 61f9ca9c5a419efdf5b0fec418701a37d71c48c53c791e94f016d44e45ec48a7
                                                                                                                                                                                                                        • Instruction ID: 8c71ebf423f389569590ff88e643f185c263fd61562863516bde62979c95be4e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61f9ca9c5a419efdf5b0fec418701a37d71c48c53c791e94f016d44e45ec48a7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0210C7160020067C210BB3A9C46FAF77989B85364F09052FF959AB3D1EA7CE94A436E
                                                                                                                                                                                                                        Function 00443981 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(?), ref: 004439B4
                                                                                                                                                                                                                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,76232EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                                                                                                                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                                                                                                                          • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentHandleProcess$Duplicate
                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                        • API String ID: 2124370227-2873401336
                                                                                                                                                                                                                        • Opcode ID: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                                                                                                                                                                                                                        • Instruction ID: e5202fea31d744cc2812a948a395a4146b23d8233fafbd02014e3d546f800e0b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8921A070104301ABE320DF28D886B9B77E4AF94B24F504E1EF9D4972D1E3B5DA54CBA6
                                                                                                                                                                                                                        Function 00443887 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 004438B7
                                                                                                                                                                                                                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,76232EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                                                                                                                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                                                                                                                          • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentHandleProcess$Duplicate
                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                        • API String ID: 2124370227-2873401336
                                                                                                                                                                                                                        • Opcode ID: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                                                                                                                        • Instruction ID: 183321404fa0000a7fb955016a75d3ae5bd0bbc3c7f5d4043dd6f74a8503dfc6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E2182701002019BE210DF28DC45F9BB7E4AF54B34F204A1EF9E4962D0E7759654CB56
                                                                                                                                                                                                                        Function 004412AE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84windowlibraryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                        • String ID: SysAnimate32
                                                                                                                                                                                                                        • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                        • Opcode ID: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                                                                                                                                                                                                                        • Instruction ID: 28effd0bdeb99d0e0a50349a2d6ccdc4655b9339127a2247ff1827a793b197f6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0216271204301ABF7209AA5DC84F6B73ECEBD9724F104A1EF651D72E0D6B4DC818729
                                                                                                                                                                                                                        Function 00443009 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 0044308B
                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00443096
                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$Peek$DispatchTranslate
                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                        • API String ID: 1795658109-438819550
                                                                                                                                                                                                                        • Opcode ID: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                                                                                                                                                                                                                        • Instruction ID: a39ada88e739a490af96418dc0f35d82e94fc94c1e76e22fe960a83301852fb1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F2138715183419EF720DF289C80FA3B7949B60B05F008ABFF66492191E6B99608C76E
                                                                                                                                                                                                                        Function 004609BD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                          • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                                                                                                                                                          • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                                                                                                                                                          • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                                                                                                                                                          • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                                                                                                                                                                        • GetFocus.USER32 ref: 004609EF
                                                                                                                                                                                                                          • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
                                                                                                                                                                                                                          • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00460A37
                                                                                                                                                                                                                        • EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
                                                                                                                                                                                                                        • __swprintf.LIBCMT ref: 00460A7A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_wcslen
                                                                                                                                                                                                                        • String ID: %s%d
                                                                                                                                                                                                                        • API String ID: 991886796-1110647743
                                                                                                                                                                                                                        • Opcode ID: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                                                                                                                        • Instruction ID: 20a4aa43144560c0524e92d1094e5dcb4402c89d1d481f65a72662ac57dae138
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7521A4712403046BD610FB65DC8AFEFB7ACAF98704F00481FF559A7181EAB8A509877A
                                                                                                                                                                                                                        Function 0040F790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _memset$_sprintf
                                                                                                                                                                                                                        • String ID: %02X
                                                                                                                                                                                                                        • API String ID: 891462717-436463671
                                                                                                                                                                                                                        • Opcode ID: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                                                                                                                                                                                                                        • Instruction ID: c3235ccac5cd273424cb9b73a8b9e0f10e05fa8943de770f4571b5c3e9b76774
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B11E97225021167D314FA698C93BEE724CAB45704F50453FF541A75C1EF6CB558839E
                                                                                                                                                                                                                        Function 0040F3B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0042CD00
                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32 ref: 0042CD51
                                                                                                                                                                                                                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,?,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,004A8E80,C:\Users\user\Desktop\Invoice & Packing list For Sea Shipment.exe,0040F3D2), ref: 0040FFCA
                                                                                                                                                                                                                          • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
                                                                                                                                                                                                                          • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                                                                                                                                                                                                                          • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
                                                                                                                                                                                                                          • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                                                                                                                                                                                                                          • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
                                                                                                                                                                                                                          • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: NamePath$Full_wcscpy$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                                                                                                                        • String ID: $OH$@OH$X
                                                                                                                                                                                                                        • API String ID: 3491138722-1394974532
                                                                                                                                                                                                                        • Opcode ID: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                                                                                                                        • Instruction ID: e3e81f3fa603e1d093c5df9e9287f390c0398a0e5563e0e16fb911f44c5f658a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2111C2B02043405BC311EF19984175FBBE9AFD5308F14882EF68497292D7FD854DCB9A
                                                                                                                                                                                                                        Function 0044C379 Relevance: 7.6, APIs: 5, Instructions: 137windowkeyboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 0044C3ED
                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
                                                                                                                                                                                                                        • SendInput.USER32 ref: 0044C509
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: KeyboardMessagePostState$InputSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3031425849-0
                                                                                                                                                                                                                        • Opcode ID: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                                                                                                                        • Instruction ID: f46f63d78903415e516a46676784f6fcea1caa301ceb581e17347d916cd8316d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB413B715462446FF760AB24D944BBFBB94AF99324F04061FF9D4122C2D37D9908C77A
                                                                                                                                                                                                                        Function 004422B9 Relevance: 7.6, APIs: 5, Instructions: 108registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32 ref: 004422F0
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0044234E
                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Enum$CloseDeleteOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2095303065-0
                                                                                                                                                                                                                        • Opcode ID: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                                                                                                                                                                                                                        • Instruction ID: 24d8057b763805d248a02a33893b377b1579bd56aab3fff97e90bb3d062a49ad
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C3150721043056EE210DF94DD84FBF73ECEBC9314F44492EBA9596141D7B8E9098B6A
                                                                                                                                                                                                                        Function 0045C277 Relevance: 7.6, APIs: 5, Instructions: 105COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
                                                                                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
                                                                                                                                                                                                                        • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2832842796-0
                                                                                                                                                                                                                        • Opcode ID: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                                                                                                                        • Instruction ID: eb365ed5c03c4bb3a44f9ddbc5128f2f56e5f8affd5b6ace934fe40af23b551f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00318675240305ABD610DFA1DC85F9BB3A8AF84705F00891DF94497292D7B9E889CB94
                                                                                                                                                                                                                        Function 0044796B Relevance: 7.6, APIs: 5, Instructions: 96COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00447997
                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 004479A2
                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 004479BE
                                                                                                                                                                                                                        • WindowFromPoint.USER32(?,?), ref: 004479FF
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1822080540-0
                                                                                                                                                                                                                        • Opcode ID: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                                                                                                                        • Instruction ID: e9c1e18ea4fcc9a2ad4b32cd349e8b57ec7287094a91df3c43d19f1875151664
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE3188742082029BD710CF19D88596FB7A9EBC8714F144A1EF88097291D778EA57CBAA
                                                                                                                                                                                                                        Function 00447BAF Relevance: 7.6, APIs: 5, Instructions: 95COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                                                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                                                                                                                        • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 659298297-0
                                                                                                                                                                                                                        • Opcode ID: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                                                                                                                        • Instruction ID: 653bb342b0117225c29b14224c0e663a7b864e912777eddc33bb147bcfad3e12
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A3150706043019FE320CF15D9C8F7B7BE8EB89724F044A6EF994873A1D774A8468B69
                                                                                                                                                                                                                        Function 00447870 Relevance: 7.6, APIs: 5, Instructions: 94windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 004478A7
                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00447935
                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CursorMenuPopupTrack$Proc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1300944170-0
                                                                                                                                                                                                                        • Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                                                                                                                        • Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
                                                                                                                                                                                                                        Function 00448837 Relevance: 7.6, APIs: 5, Instructions: 89COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                          • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                                                                                                                          • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                                                                                                                          • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                                                                                                                          • Part of subcall function 004413F0: SendMessageW.USER32(03121C98,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                                                                                                                          • Part of subcall function 004413F0: SendMessageW.USER32(03121C98,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$EnableMessageSend$LongShow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 142311417-0
                                                                                                                                                                                                                        • Opcode ID: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                                                                                                                                                                                                                        • Instruction ID: 53ead31d82dc60d0a1ec6489c26700cf05fac79e8a5bf65a12bf69c5108a1aee
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 942105B07053809BF7148E28C8C47AFB7D0FB95345F08482EF981A6391DBAC9845C72E
                                                                                                                                                                                                                        Function 00449549 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _memset.LIBCMT ref: 0044955A
                                                                                                                                                                                                                          • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 004495B3
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 004495C1
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 004495CE
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001060,00000000,?), ref: 004495FF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend_wcslen$_memset_wcspbrk
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1843234404-0
                                                                                                                                                                                                                        • Opcode ID: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
                                                                                                                                                                                                                        • Instruction ID: 2eba0e6ca7bf2f01d6f4dc0284c8cedbdf4c7ea0b5caad0642d64795040b3bc6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1821F87260430556E630EB15AC81BFBB3D8EBD0761F10483FEE4081280E67E9959D3AA
                                                                                                                                                                                                                        Function 00455014 Relevance: 7.6, APIs: 5, Instructions: 78COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
                                                                                                                                                                                                                        • Instruction ID: 4734ce3ce40af5b77ad59fd8baedf6a3e56741e39cc50bb30d89ac3ca2d3bd52
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1321E0712006409BCB10EF29D994D6B73A8EF45321B40466EFE5597382DB34EC08CBA9
                                                                                                                                                                                                                        Function 00445719 Relevance: 7.6, APIs: 5, Instructions: 76windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00445721
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 004457A3
                                                                                                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3087257052-0
                                                                                                                                                                                                                        • Opcode ID: 07a683c3f77dae50ee773e7e3fa5154241049f7b31449e9a489b3be5124be6a3
                                                                                                                                                                                                                        • Instruction ID: 00e09c3d40749c53521e9302b0eb92bb7bfe2d7d521d01ead8474e6f611d5aec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07a683c3f77dae50ee773e7e3fa5154241049f7b31449e9a489b3be5124be6a3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA11E972601741BBF7105B35DC46F5B77CDAF65320F04443AF40AE6281FB69E84583AA
                                                                                                                                                                                                                        Function 00459DCF Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00459DEF
                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00459E07
                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00459E44
                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                                                                                        • Opcode ID: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                                                                                                                                                                                                                        • Instruction ID: f25aa70a507d7fb142791e963b89e5313ab4350e7ab13503248c443e15a863bf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76219D76600202ABD700EFA5CD49A5AB7E9FF84315F19483DF90597642DB78FC04CBA9
                                                                                                                                                                                                                        Function 00464950 Relevance: 7.6, APIs: 5, Instructions: 68networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 00464985
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
                                                                                                                                                                                                                        • connect.WSOCK32(00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649CD
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 00464A07
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 245547762-0
                                                                                                                                                                                                                        • Opcode ID: aaa03f654d2c2080970664bbc2635e6406c59b0d093f7dcd590a1c65d79e0220
                                                                                                                                                                                                                        • Instruction ID: b27d5ee258410aac5bd3077dd9c53ce90635b59006b610d0ec7ee295a05cd03d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aaa03f654d2c2080970664bbc2635e6406c59b0d093f7dcd590a1c65d79e0220
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3211DA712002109BD310FB2AC842F9BB3D8AF85728F04895FF594A72D2D7B9A885875A
                                                                                                                                                                                                                        Function 0044710F Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                        • BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Object$Select$BeginCreateDeletePath
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2338827641-0
                                                                                                                                                                                                                        • Opcode ID: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                                                                                                                                                                                                                        • Instruction ID: ab30216038401830d00444c504d41f25dcbf82a6e2307e0a418987ed8484b610
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E2171B18083019FD320CF29AD44A1B7FACF74A724F14052FF654933A1EB789849CB69
                                                                                                                                                                                                                        Function 0043770A Relevance: 7.6, APIs: 5, Instructions: 56sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                                                                                                        • Opcode ID: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                                                                                                                                                                        • Instruction ID: fd8a8a83491f03de43ea78fbc63302b75a2fa5438857304713168bbc83ca9150
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA11A3B64093119BC210EF1ADA88A8FB7F4FFD8765F004D2EF9C462250DB34D5598B9A
                                                                                                                                                                                                                        Function 0046FCC6 Relevance: 7.5, APIs: 5, Instructions: 49windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 0046FD00
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0046FD58
                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0046FD5F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$DestroyIcon
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3419509030-0
                                                                                                                                                                                                                        • Opcode ID: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                                                                                                                                                                                                                        • Instruction ID: ba7c1cc62690e465ab1dcb48fa3e0f79152c3dc78d34179caeeeb49ed344ab69
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F1182B15043449BE730DF14DC46BABB7E8FBC5714F00492EE6C857291D6B8A84A8B67
                                                                                                                                                                                                                        Function 004175A2 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __getptd.LIBCMT ref: 004175AE
                                                                                                                                                                                                                          • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                                                                                                                                                          • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                                                                                                                                                                        • __amsg_exit.LIBCMT ref: 004175CE
                                                                                                                                                                                                                        • __lock.LIBCMT ref: 004175DE
                                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 004175FB
                                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(031217F0), ref: 00417626
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4271482742-0
                                                                                                                                                                                                                        • Opcode ID: cef6af0c730a10c674891530ba4a9f92a8997b3b581fa775581189220e01fce3
                                                                                                                                                                                                                        • Instruction ID: de548182bd5f57d4f8c9f8a4c79293bfa6802d75d0085d2526eaa3c6a777046b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cef6af0c730a10c674891530ba4a9f92a8997b3b581fa775581189220e01fce3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
                                                                                                                                                                                                                        Function 004555B8 Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$DeleteObjectWindow$Icon
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4023252218-0
                                                                                                                                                                                                                        • Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                                                                                                                        • Instruction ID: d1816f9fa450f538fb043821254e2bd2cfb9ade9207d957631f6d0e9d50691b6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05015E70300605ABCB20DF65D9D4B2B77A8BF14712B50452AFD04D7346EB38EC48CB69
                                                                                                                                                                                                                        Function 0046032B Relevance: 7.5, APIs: 5, Instructions: 43windowtimeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00460342
                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 0046036D
                                                                                                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 00460392
                                                                                                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 004603AB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                                                                                                        • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                                                                                                                        • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                                                                                                                                                                                                                        Function 00455505 Relevance: 7.5, APIs: 5, Instructions: 43windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1489400265-0
                                                                                                                                                                                                                        • Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                                                                                                                        • Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
                                                                                                                                                                                                                        Function 0045551F Relevance: 7.5, APIs: 5, Instructions: 42windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1042038666-0
                                                                                                                                                                                                                        • Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                                                                                                                                                                        • Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
                                                                                                                                                                                                                        Function 0043315E Relevance: 7.5, APIs: 5, Instructions: 33COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2625713937-0
                                                                                                                                                                                                                        • Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                                                                                                                                                                        • Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
                                                                                                                                                                                                                        Function 004140CF Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                                                                                                                                                                        • ___set_flsgetvalue.LIBCMT ref: 004140E1
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                        • ___fls_getvalue@4.LIBCMT ref: 004140EC
                                                                                                                                                                                                                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                        • ___fls_setvalue@8.LIBCMT ref: 004140FF
                                                                                                                                                                                                                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                                                                                                                                                                                                                        • ExitThread.KERNEL32 ref: 0041410F
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                                                                                                                                                                        • __freefls@4.LIBCMT ref: 00414135
                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 132634196-0
                                                                                                                                                                                                                        • Opcode ID: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                                                                                                                                                                                                                        • Instruction ID: c6f54ac6c47f72d6c6be617d0ab0d95393642b3a08ca47198428750b18cc63fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFE0B6318012096B8F0177F28E2A8DF3A2DAD56799B12842EBF10A3112DA6DD9D147AD
                                                                                                                                                                                                                        Function 00415601 Relevance: 7.5, APIs: 5, Instructions: 23threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
                                                                                                                                                                                                                          • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                                                                                                                                                                                                                        • __getptd_noexit.LIBCMT ref: 00415620
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
                                                                                                                                                                                                                        • __freeptd.LIBCMT ref: 0041563B
                                                                                                                                                                                                                        • ExitThread.KERNEL32 ref: 00415643
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3798957060-0
                                                                                                                                                                                                                        • Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                                                                                                                        • Instruction ID: 5ad9b57b40d8b41da6f03c32f2a15b2799e0bbfe2e5ad1689210a27a588f1b2a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
                                                                                                                                                                                                                        Function 0041567F Relevance: 7.5, APIs: 5, Instructions: 22threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                                                                                                                                                                        • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                        • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                                                                                                                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                        • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                                                                                                                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                                                                                                                        • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                                                                                                                        • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1537469427-0
                                                                                                                                                                                                                        • Opcode ID: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                                                                                                                                                                        • Instruction ID: 6f4b581ce684dac4bce1a6396b1ab204a3b2196504341234b7a244e47b3a25b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
                                                                                                                                                                                                                        Function 0040AB16 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 423COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _malloc
                                                                                                                                                                                                                        • String ID: Default$|k
                                                                                                                                                                                                                        • API String ID: 1579825452-2254895183
                                                                                                                                                                                                                        • Opcode ID: 404d7240c4bb856f681ff9cdf52c8ed6758caabbd7f7f5126ad75ded5c77f63b
                                                                                                                                                                                                                        • Instruction ID: 39a525bc613f0e7e9485e4ea944b13d532e73913c0a35fc25f8fa2b96209a7b9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 404d7240c4bb856f681ff9cdf52c8ed6758caabbd7f7f5126ad75ded5c77f63b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51F19F706083018BD714DF25C484A6BB7E5AF85314F64886FF885AB392D738EC55CB9B
                                                                                                                                                                                                                        Function 0044F0B1 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 377COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                        • String ID: '$[$h
                                                                                                                                                                                                                        • API String ID: 2931989736-1224472061
                                                                                                                                                                                                                        • Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                                                                                                                                                                                                                        • Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
                                                                                                                                                                                                                        Function 0044F1F5 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 358COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                                                                        • String ID: >$R$U
                                                                                                                                                                                                                        • API String ID: 909875538-1924298640
                                                                                                                                                                                                                        • Opcode ID: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
                                                                                                                                                                                                                        • Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
                                                                                                                                                                                                                        Function 0046CDA0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 263comCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0046CE18
                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 0046CE50
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                        • API String ID: 886957087-24824748
                                                                                                                                                                                                                        • Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                                                                                                                                                                        • Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
                                                                                                                                                                                                                        Function 00469BED Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00469C37
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                                                                        • API String ID: 176396367-557222456
                                                                                                                                                                                                                        • Opcode ID: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                                                                                                                                                                        • Instruction ID: 5ec49088f7a0f5eff408c40ec761cfb1cab3d77d8e9f1d748350f88cc39ab646
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C818F715183009FC310EF65C88186BB7E8AF85714F408A2FF5959B2A2E778ED45CB9B
                                                                                                                                                                                                                        Function 0042D2CC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 204COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 0042D2E0
                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00000000), ref: 0042D2FF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Variant$ClearCopyInit_malloc
                                                                                                                                                                                                                        • String ID: 4RH
                                                                                                                                                                                                                        • API String ID: 2981388473-749298218
                                                                                                                                                                                                                        • Opcode ID: 729bbe064e017370016cbbe449625b34bf86d2465771c793fde470bd13ce78dc
                                                                                                                                                                                                                        • Instruction ID: 2430bd0654d197d786bc988f6f01769df72c779a088326c60667d263ff95ce9f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 729bbe064e017370016cbbe449625b34bf86d2465771c793fde470bd13ce78dc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC913874A083519FC720CF29D480A1AB7E1FF89304F64892EE999DB351D774EC85CB96
                                                                                                                                                                                                                        Function 004667A7 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 170shareCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                        • __wcsnicmp.LIBCMT ref: 0046681A
                                                                                                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                                                                                                                                                                        • String ID: LPT$HH
                                                                                                                                                                                                                        • API String ID: 3035604524-2728063697
                                                                                                                                                                                                                        • Opcode ID: 4168d29b7d0848dc605f9ce781fdb6688c60699af114ee795911c582be7b9077
                                                                                                                                                                                                                        • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4168d29b7d0848dc605f9ce781fdb6688c60699af114ee795911c582be7b9077
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
                                                                                                                                                                                                                        Function 00438A5D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
                                                                                                                                                                                                                          • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$MemoryProcess$ReadWrite
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 4055202900-2766056989
                                                                                                                                                                                                                        • Opcode ID: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                                                                                                                                                                        • Instruction ID: 682097a2b5231093ce935cfc9f6f49684b756042c0be5430c67da702d62f7190
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6518FB2208304ABD310DB64CC81FEFB7A9EFC9714F04591EFA8597181D678F9498B66
                                                                                                                                                                                                                        Function 00465D41 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CrackInternet_memset_wcslen
                                                                                                                                                                                                                        • String ID: |
                                                                                                                                                                                                                        • API String ID: 915713708-2343686810
                                                                                                                                                                                                                        • Opcode ID: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                                                                                                                                                                        • Instruction ID: 59fb16093b155e5aebf0565036b17e76eaaa1a90c891d08183ce313382d628e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE417EB2754301ABD204EF69DC81B9BF7E8FB88714F00052EF64593290DB75E909CBA6
                                                                                                                                                                                                                        Function 0044A7DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
                                                                                                                                                                                                                        • HttpQueryInfoW.WININET ref: 0044A892
                                                                                                                                                                                                                          • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3705125965-3916222277
                                                                                                                                                                                                                        • Opcode ID: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                                                                                                                                                                        • Instruction ID: e2ea4e726a01332d61d4ddbc0b4be6fd5f15ca60b5c099a75bcf819f780d651a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F431C6B56813416BE320EB16DC42F9FB7E8EFD9714F00091FF65057281D7A8A50D876A
                                                                                                                                                                                                                        Function 004509D1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                                                                        • String ID: SysTreeView32
                                                                                                                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                                                                                                                        • Opcode ID: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                                                                                                                                                                        • Instruction ID: 1ec52148e0427fd314aa46f8515fbaae5756f8dde681787cc4d1a4a364837cef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9831E670244301AFE710DB64CC84B6BB3E8EF98325F104A1EF9A5932D1D7B8AD85CB25
                                                                                                                                                                                                                        Function 00450C09 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                                                                                                        • String ID: msctls_updown32
                                                                                                                                                                                                                        • API String ID: 3375834691-2298589950
                                                                                                                                                                                                                        • Opcode ID: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                                                                                                                                                                        • Instruction ID: 6a1e1189e42626fde14bc74b9d87f1f450c181bb0fe7a510af516aef360d3f61
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE31A279300201AFD624DF54DC81F5B73A9EB9A714F20451EF640AB382C7B4AC4ACB6A
                                                                                                                                                                                                                        Function 00451191 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                        • String ID: Listbox
                                                                                                                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                        • Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                                                                                                                        • Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
                                                                                                                                                                                                                        Function 0045D235 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D243
                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 2507767853-2761332787
                                                                                                                                                                                                                        • Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                                                                                                                        • Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
                                                                                                                                                                                                                        Function 0045D42B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D44A
                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 2507767853-2761332787
                                                                                                                                                                                                                        • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                                                                                                                        • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
                                                                                                                                                                                                                        Function 00450D00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                        • Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                                                                                                                                                                        • Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
                                                                                                                                                                                                                        Function 0046BD4D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                                                                                                                        • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046BD78
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
                                                                                                                                                                                                                        • inet_ntoa.WSOCK32(00000000,?), ref: 0046BDCD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
                                                                                                                                                                                                                        • String ID: HH
                                                                                                                                                                                                                        • API String ID: 1515696956-2761332787
                                                                                                                                                                                                                        • Opcode ID: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
                                                                                                                                                                                                                        • Instruction ID: 2fad99cf3c45da3a785a9a513efbde0c8943f1fdc9598a344110207fd9df59bd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E21142765043006BC744FB66D885D9FB3A8AFC4318F448C2EF945A7242DA39E949876A
                                                                                                                                                                                                                        Function 004497A4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32 ref: 004497EA
                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 00449828
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Menu$InfoItem$Draw_malloc
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 772068139-4108050209
                                                                                                                                                                                                                        • Opcode ID: 80c8cc45c3a2388c5d5a2fad2fa293faafe293b1266d5f5cdbd09ec66a21ca10
                                                                                                                                                                                                                        • Instruction ID: 895394c4ac3d8cdb9511dba433443d5742fa96e32f07ab63668b9f5a94eb31d1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80c8cc45c3a2388c5d5a2fad2fa293faafe293b1266d5f5cdbd09ec66a21ca10
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 941182B16042009BF730EB55EC96FABB7A8FB91714F00452EE648CA281DB7A9445CB76
                                                                                                                                                                                                                        Function 004342A8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocTask_wcslen
                                                                                                                                                                                                                        • String ID: hkG
                                                                                                                                                                                                                        • API String ID: 2651040394-3610518997
                                                                                                                                                                                                                        • Opcode ID: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                                                                                                                                                                                                                        • Instruction ID: 372044899b15e8c53ead78f1c779643819f92c4817f04f111663958edd7e2adf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCE065736442225B97506A79AC045CBA7D8AFB0370B15482BF880E7310E278E89643E5
                                                                                                                                                                                                                        Function 0043416A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 2574300362-1816364905
                                                                                                                                                                                                                        • Opcode ID: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                                                                                                                        • Instruction ID: 1a9860a365f0c849ce8c10f1c40c5c80f9dda93506fd3415c38c98a37cde1a5a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9D05EB1440B039FCB109FA0D80C64BB6E4AB64301F148C2EF885B2654D7B8E8C0CBA8
                                                                                                                                                                                                                        Function 004343CE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,?,?,00000000,?,?,00000101,?), ref: 004343DE
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: ICMP.DLL$IcmpSendEcho
                                                                                                                                                                                                                        • API String ID: 2574300362-58917771
                                                                                                                                                                                                                        • Opcode ID: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                                                                                                                        • Instruction ID: bde82dd314f67bb94adb8237e566b22d9cd50c1f3059090bebd97951f1ce1dc3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9D017B45043039BD7105B21D80874A76E4AF58310F118C2FF881E2250CBBCE8808B79
                                                                                                                                                                                                                        Function 004343FD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: ICMP.DLL$IcmpCloseHandle
                                                                                                                                                                                                                        • API String ID: 2574300362-3530519716
                                                                                                                                                                                                                        • Opcode ID: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                                                                                                                                                                                                                        • Instruction ID: 815a2f2ef77883dfca24b23846b24e776c3b140ddfaf16f0983d17b56328066b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9FD017B04443129AD7106B64D80874A76E4AB68302F129C3FF881A2660C7BCA8808B39
                                                                                                                                                                                                                        Function 0043442C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: ICMP.DLL$IcmpCreateFile
                                                                                                                                                                                                                        • API String ID: 2574300362-275556492
                                                                                                                                                                                                                        • Opcode ID: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                                                                                                                                                                                                                        • Instruction ID: c247b13c068300da1972229949477068df6ba5342f41feac8fae2a533bc96115
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97D017B04043029ADB105B60D90875A77E4AB68300F118C7FF9A1A2250C7BCA8808B29
                                                                                                                                                                                                                        Function 0040EE70 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,0040E551,?), ref: 0040EE7B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040EE8D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 2574300362-3024904723
                                                                                                                                                                                                                        • Opcode ID: 16a412f97595c511ed2c9e877c1bae7dd0f808d0cf5b3a9fdd28adcf59ee176d
                                                                                                                                                                                                                        • Instruction ID: 75875fa2f3f8b89ed4c8cde0d061cde3839b728dd3838c322d7dfd2ddbff31fa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16a412f97595c511ed2c9e877c1bae7dd0f808d0cf5b3a9fdd28adcf59ee176d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51D0C9B0940707DAC7301F72C91871B7AE4AB40342F204C3EB995A1290DBBCC0408B28
                                                                                                                                                                                                                        Function 0040ACA0 Relevance: 6.4, APIs: 4, Instructions: 368COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                                                                                        • Opcode ID: 864e75c6b64c8395072179653f2e6e54ed688e1196af63861ce1262d91a289fa
                                                                                                                                                                                                                        • Instruction ID: 4e1e522645e86f73b8885f2d86dba7d443b77ce6b8f7ad4508257b27d10f8221
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 864e75c6b64c8395072179653f2e6e54ed688e1196af63861ce1262d91a289fa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3DD18D746003018FD724DF25D484A26B7E1EF49704F64887EE9899B3A1D739EC92CB9A
                                                                                                                                                                                                                        Function 0041456C Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __flush.LIBCMT ref: 00414630
                                                                                                                                                                                                                        • __fileno.LIBCMT ref: 00414650
                                                                                                                                                                                                                        • __locking.LIBCMT ref: 00414657
                                                                                                                                                                                                                        • __flsbuf.LIBCMT ref: 00414682
                                                                                                                                                                                                                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3240763771-0
                                                                                                                                                                                                                        • Opcode ID: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                                                                                                                        • Instruction ID: ec1a4dff6c5341ad57a53ba98b0f539b864df2cc4a0ba96fecd891c5d8a4160d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4841A571A00605ABDB249FA5C9445DFB7B6EFC1328F28852FE41997280D77CDEC18B48
                                                                                                                                                                                                                        Function 004781AE Relevance: 6.1, APIs: 4, Instructions: 135COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CopyVariant$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2286883814-0
                                                                                                                                                                                                                        • Opcode ID: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
                                                                                                                                                                                                                        • Instruction ID: 2d87100fc18953c9afe9b7e879878e48daa4ef19e0256d9a4550ae3fa38499cf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F517C751543409FC310DF69C880A9BBBE4FF88314F448A6EF9499B352DB39E909CB99
                                                                                                                                                                                                                        Function 0047404B Relevance: 6.1, APIs: 4, Instructions: 133networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
                                                                                                                                                                                                                        • #21.WSOCK32 ref: 004740E0
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004740EB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$socket
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1881357543-0
                                                                                                                                                                                                                        • Opcode ID: 49e735c62c31738b54d4bbc911449ab864d290153f15be7477df25c465b7d9f8
                                                                                                                                                                                                                        • Instruction ID: ff1742a21ceaee7448286ece46cbaad1fa76dded649dcd1b12ff87c083dae87e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49e735c62c31738b54d4bbc911449ab864d290153f15be7477df25c465b7d9f8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7641D9717403006AE720BF6ADC47F5672C89B54B18F14496EF648BF2C3D6FAA881869C
                                                                                                                                                                                                                        Function 00441CB4 Relevance: 6.1, APIs: 4, Instructions: 112windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                                                                                                                                                                        • PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00441DF2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                                                                                        • Opcode ID: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                                                                                                                                                                                                                        • Instruction ID: 11ad13a84751b34e4f8a983c71a6a29643224e7bbeba0240db3aabd8edeb2108
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E64192B5A042418FE710DF18D884AABB7E5FFC9311F18866FE8518B360D734AC85CBA5
                                                                                                                                                                                                                        Function 0042384A Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042387E
                                                                                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 004238B2
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 004238E3
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 00423951
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                                                                                        • Opcode ID: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                                                                                                                                                                                                                        • Instruction ID: 550681b3841f0f34ee613cb5364b25607849a03987ccfca5eaaec14299199b49
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A931C270B00265EFDB20EF64D8849AA7BF5EF01312B9445AAF0A09F291D338CE81CB55
                                                                                                                                                                                                                        Function 0045D070 Relevance: 6.1, APIs: 4, Instructions: 100fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 0045D12B
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                                                                                                        • Opcode ID: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                                                                                                                                                                                                                        • Instruction ID: 240381fd0e223f31e6bb83dc4f900fe278965bce5f9bbaa9f824fb1079ab41c9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 393180B5900301ABCB10AF71C985A1BF7E8AF84755F10891EF85497392C739FC45CB68
                                                                                                                                                                                                                        Function 0045058D Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 004505BF
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Proc$Parent
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2351499541-0
                                                                                                                                                                                                                        • Opcode ID: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                                                                                                                                                                                                                        • Instruction ID: e3e31f905615dd8bfbe674c7a91f48f64006a8638b4dc9b760805e547d05c650
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C3128362411006BC2209B299C58DBB7B58EBC7336F14465BFA54832D3CB769826C768
                                                                                                                                                                                                                        Function 004613E0 Relevance: 6.1, APIs: 4, Instructions: 90windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00438C85: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00438C95
                                                                                                                                                                                                                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 00461420
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 0046144F
                                                                                                                                                                                                                        • __itow.LIBCMT ref: 00461461
                                                                                                                                                                                                                        • __itow.LIBCMT ref: 004614AB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$__itow$_wcslen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2875217250-0
                                                                                                                                                                                                                        • Opcode ID: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                                                                                                                                                                                                                        • Instruction ID: b65c482f8247f617b799fd724a7506577ebf884cdb52d0d4602b18db992df379
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A213D7670031067D210BA169C86FAFB794EB94714F08443FFF44AB241EE69E94687EB
                                                                                                                                                                                                                        Function 004727F8 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00472806
                                                                                                                                                                                                                          • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
                                                                                                                                                                                                                          • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
                                                                                                                                                                                                                          • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
                                                                                                                                                                                                                        • GetCaretPos.USER32(?), ref: 0047281A
                                                                                                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00472856
                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 0047285C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2759813231-0
                                                                                                                                                                                                                        • Opcode ID: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                                                                                                                                                                                                                        • Instruction ID: 38f02bd9b1f6bed34cfa7ce2d7f69328ba3456287a0ba45db7850a86b8391dd2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF2195716403056FE310EF65CC42F5BB7E8AF84708F144D2EF544AB282D6FAB9858795
                                                                                                                                                                                                                        Function 0047721A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0047728E
                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
                                                                                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2169480361-0
                                                                                                                                                                                                                        • Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                                                                                                                                                                        • Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
                                                                                                                                                                                                                        Function 00448C8B Relevance: 6.1, APIs: 4, Instructions: 73windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00448CB8
                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 312131281-0
                                                                                                                                                                                                                        • Opcode ID: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                                                                                                                                                                        • Instruction ID: 9d6bf2a2f0cb0d5184a29e15ea511504db1ac53b4253ca88fa0f688086887250
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B12174715053019BF3208F18D98879FB7E4FBD5325F140B2EF594962D0DBB58449C796
                                                                                                                                                                                                                        Function 004588B0 Relevance: 6.1, APIs: 4, Instructions: 67networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • select.WSOCK32 ref: 0045890A
                                                                                                                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
                                                                                                                                                                                                                        • accept.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 00458927
                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00458952
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLastacceptselect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 385091864-0
                                                                                                                                                                                                                        • Opcode ID: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                                                                                                                                                                        • Instruction ID: 93f38c3b8a65fd8a68e5265ae944391143789c71a4918893f245a539b4228a7d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F2166712043019BD314EF29C842BABB7E5AFC4714F144A2EF994DB2C1DBB4A985CB99
                                                                                                                                                                                                                        Function 00438D4E Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                        • Opcode ID: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                                                                                                                        • Instruction ID: 707762f1bc06eebb59e9357f9c77b20c0e090dcf7cedc03b298b4f863176c0ea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77113AB6204305AFD210EF58DC84F6BF7E8EBE8750F20491EF580D7290D6B1A8468BA1
                                                                                                                                                                                                                        Function 0043362D Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00433695
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 004336BA
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Window$CreateMessageObjectSendShowStock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1358664141-0
                                                                                                                                                                                                                        • Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                                                                                                                        • Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
                                                                                                                                                                                                                        Function 0044419B Relevance: 6.1, APIs: 4, Instructions: 53synchronizationthreadwindowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004441B8
                                                                                                                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 004441F6
                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00444213
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2880819207-0
                                                                                                                                                                                                                        • Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                                                                                                                                                                        • Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
                                                                                                                                                                                                                        Function 0043401C Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00434037
                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 0043405B
                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00434085
                                                                                                                                                                                                                        • InvalidateRect.USER32(?,?,?), ref: 004340A4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 357397906-0
                                                                                                                                                                                                                        • Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                                                                                                                                                                        • Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
                                                                                                                                                                                                                        Function 00436A1D Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00436A45
                                                                                                                                                                                                                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00436A6C
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00436A93
                                                                                                                                                                                                                        • __wcsicoll.LIBCMT ref: 00436AB0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1187119602-0
                                                                                                                                                                                                                        • Opcode ID: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                                                                                                                                                                                                                        • Instruction ID: cc447ddabc085245cf6c6bda96777749177fc915bba42f20b5b260b799017f3a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 690165B64043416BD724EB50D881EEBB3ED7BD8304F04C91EB5C982041FB38D24C87A6
                                                                                                                                                                                                                        Function 00437AFE Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1597257046-0
                                                                                                                                                                                                                        • Opcode ID: 6b0dcf7875e5cc8b2f124becf3425b1e3567ced601fe1f13ac9ef2b9b8e14b5c
                                                                                                                                                                                                                        • Instruction ID: 9df5ee2dcc5f1a759a9cde70f7b42babd8a8bdcc369222b22224423102f690bd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6b0dcf7875e5cc8b2f124becf3425b1e3567ced601fe1f13ac9ef2b9b8e14b5c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BFF06D32200200AFC314EB66C885E6BB3EAEBC5324F04852EF556C7791DB39F841C764
                                                                                                                                                                                                                        Function 004555D6 Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyObject$IconWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3349847261-0
                                                                                                                                                                                                                        • Opcode ID: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                                                                                                                                                                                                                        • Instruction ID: 3a9029eb8e47786e7dec82746d504bb216afab776d143f23dce7b1a7602128e4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06F03C702006419BDB20AF65DDD8A2B77ACEF45322740456AFD04D7242DB28DC498B7D
                                                                                                                                                                                                                        Function 0044B600 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0044B60B
                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 0044B619
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B630
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B641
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2223660684-0
                                                                                                                                                                                                                        • Opcode ID: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                                                                                                                                                                                                                        • Instruction ID: 8f2921e390180aa9c6083979f061463a0462abb68b72a76a452ff5fd2bc04521
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
                                                                                                                                                                                                                        Function 00447268 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                        • MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
                                                                                                                                                                                                                        • LineTo.GDI32(?,00000000,00000002), ref: 004472A0
                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 004472B0
                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 004472BE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2783949968-0
                                                                                                                                                                                                                        • Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                                                                                                                        • Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
                                                                                                                                                                                                                        Function 00417D0E Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00417D1A
                                                                                                                                                                                                                          • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                                                                                                                                                          • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00417D31
                                                                                                                                                                                                                        • __amsg_exit.LIBCMT ref: 00417D3F
                                                                                                                                                                                                                        • __lock.LIBCMT ref: 00417D4F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3521780317-0
                                                                                                                                                                                                                        • Opcode ID: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
                                                                                                                                                                                                                        • Instruction ID: 784cd6646040312d8c3929352b57c791f513dbd9ce30c249d09a92555f0e5bc7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4F06D319447089AD720FB66E4067EA32B0AF01728F11856FA4415B7D2DB3C99C08B9E
                                                                                                                                                                                                                        Function 00471144 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00471144
                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0047114D
                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 0047117B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                                                                                        • Opcode ID: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                                                                                                                                                                                                                        • Instruction ID: a1da8b046b56c0024f4e51319ca7c868ce9b42ab557c4db2e47d6af70bf9fcef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75F05E759042009FC310DF65DC4856EBBA4FB94351F108C3EFD05D2251DB7889059B99
                                                                                                                                                                                                                        Function 00471102 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00471102
                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0047110B
                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00471139
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                                                                                        • Opcode ID: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                                                                                                                                                                                                                        • Instruction ID: 5204c471e266b2ed5cdb435334cd6f206910ee07043e0bb223494c3f632f6575
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78F05E759042009FD310EF65DC5896EBBA4FB94351F104C3EFC05D2251DB7489059B99
                                                                                                                                                                                                                        Function 004389A1 Relevance: 6.0, APIs: 4, Instructions: 27threadwindowtimeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2710830443-0
                                                                                                                                                                                                                        • Opcode ID: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                                                                                                                                                                                                                        • Instruction ID: 438da6915ae72ab6a15f098678a9856147cbf2dc0a85cf0a700465948addd5b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14E012712853107BE72157509D0EFAF7B98AF18B11F14481EB241B50D0DAF8A941876E
                                                                                                                                                                                                                        Function 004390C2 Relevance: 6.0, APIs: 4, Instructions: 26synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
                                                                                                                                                                                                                        • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
                                                                                                                                                                                                                          • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
                                                                                                                                                                                                                          • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 146765662-0
                                                                                                                                                                                                                        • Opcode ID: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
                                                                                                                                                                                                                        • Instruction ID: e19b07cb6d87eea3d85dfea562759309df1919ba68b29a0146d7a5ec0ea3c710
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5DE0C976504311ABC620EB65DC48C4BB7E9EF883303114E1DF89693260CA74E881CB65
                                                                                                                                                                                                                        Function 0041405D Relevance: 6.0, APIs: 4, Instructions: 19threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00414070
                                                                                                                                                                                                                          • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                                                                                                                                                                                                                        • __getptd_noexit.LIBCMT ref: 00414080
                                                                                                                                                                                                                        • __freeptd.LIBCMT ref: 0041408A
                                                                                                                                                                                                                        • ExitThread.KERNEL32 ref: 00414093
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3182216644-0
                                                                                                                                                                                                                        • Opcode ID: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
                                                                                                                                                                                                                        • Instruction ID: 8c1b811a677bc0208766d104aadce1409d27245c16b3af4a320e27a455eae914
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8D0EC7051024256D6207BA7ED097AA3A589B44B26B15446EA905801B1DF68D9C1862D
                                                                                                                                                                                                                        Function 0046EDC6 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 383COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BuffCharLower
                                                                                                                                                                                                                        • String ID: $8'I
                                                                                                                                                                                                                        • API String ID: 2358735015-3608026889
                                                                                                                                                                                                                        • Opcode ID: e3039598ad07eb1683e22d1e13845cc1c6bfaba1fe80df618d976ecbdfba683b
                                                                                                                                                                                                                        • Instruction ID: 1bf34105e022c250dd7240f1ea7ec4803edb57b208c13e69c3fb06210d7c4844
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3039598ad07eb1683e22d1e13845cc1c6bfaba1fe80df618d976ecbdfba683b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9FE1AE745043018BCB24EF16D88166BB7E4BF94348F40482FF88597292EB79DD89CB9B
                                                                                                                                                                                                                        Function 00478373 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 277comCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                          • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
                                                                                                                                                                                                                          • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                                                                                                                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CopyVariant$ContainedObject$ErrorLast_malloc
                                                                                                                                                                                                                        • String ID: AutoIt3GUI$Container
                                                                                                                                                                                                                        • API String ID: 3380330463-3941886329
                                                                                                                                                                                                                        • Opcode ID: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                                                                                                                                                                                                                        • Instruction ID: 8a51a4197b359b89da059ec4b883cd23719ad159cb4f439b8c2c8f5fea4c1b32
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEA16A71240601AFC760EF69C880A6BB7E9FB88304F10892EF649CB361EB75E945CB55
                                                                                                                                                                                                                        Function 004099A8 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00409A61
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: 0vH
                                                                                                                                                                                                                        • API String ID: 1143807570-3662162768
                                                                                                                                                                                                                        • Opcode ID: c09e7a550d587b66afd16ae3f9308ee528eb86d4dd4285a1c93ad52bd0ffcd86
                                                                                                                                                                                                                        • Instruction ID: 5e67718e4417cbef977f4cc7974cb0b4b39b480e5382bb1977b3cac956c07efc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c09e7a550d587b66afd16ae3f9308ee528eb86d4dd4285a1c93ad52bd0ffcd86
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53515BB1A083009FC718CF18C48065BB7E1FF88314F54856EF9999B391D779E942CB96
                                                                                                                                                                                                                        Function 00466587 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: HH$HH
                                                                                                                                                                                                                        • API String ID: 0-1787419579
                                                                                                                                                                                                                        • Opcode ID: fed4e066af51e45fc8c5976399addcc25001bc25a5639efd16b547c1275b717f
                                                                                                                                                                                                                        • Instruction ID: b2aab3850ea6996be17d3b26b1a0d96f4757dd5de2ef7d298d9c2790e2b3b10f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fed4e066af51e45fc8c5976399addcc25001bc25a5639efd16b547c1275b717f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1241BF367042009FC310EF69E881F5AF3A1EF99314F548A6EFA589B381D776E811CB95
                                                                                                                                                                                                                        Function 00444652 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                                                                                                                        • Opcode ID: 4788cf6f182db8212a4dd4ca04636ab1929000af0f3277abda7ed9995d735732
                                                                                                                                                                                                                        • Instruction ID: 143d79469fb3e570aa9bb1e7a79db7ad77638f8ab3c2e89d41e08a42c99b444e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4788cf6f182db8212a4dd4ca04636ab1929000af0f3277abda7ed9995d735732
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB3101721043009BF3249F18DC85BABBBE4EBC6310F14081FFA90C62A0E379D949C75A
                                                                                                                                                                                                                        Function 00448358 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                        • String ID: '
                                                                                                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                        • Opcode ID: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                                                                                                                        • Instruction ID: cecdca06d5aa7ecc7109d5e1ff25192cbd540bafe2d1ef24ff7c1b98f096cb5f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 984179706083459FE710CF18C880BABB7E1FB89700F54882EF9888B351DB75A841CF5A
                                                                                                                                                                                                                        Function 00444571 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                        • Opcode ID: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                                                                                                                                                                                                                        • Instruction ID: 268d240ecd79f719a1425e83c09d650ed443e1bf0ac8ef4f8d51517adc50c1d2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6210D765042206BEB15DF08D844B97B7A4FBDA310F44492BEE9897250D379E848C7AA
                                                                                                                                                                                                                        Function 0045126C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                        • String ID: Combobox
                                                                                                                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                        • Opcode ID: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
                                                                                                                                                                                                                        • Instruction ID: f266216a818347eeb58d59163185d0479ace604409515c443b0f4894c7ad90f2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9110A72A0430067E6109AA4DC80F5BB3D8EB99735F10071BFA24E72E1D774FC448768
                                                                                                                                                                                                                        Function 004515AB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 004515DA
                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                        • String ID: edit
                                                                                                                                                                                                                        • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                        • Opcode ID: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
                                                                                                                                                                                                                        • Instruction ID: b80de1f22085cd2d24dcce0fe83431d10f7d2aff66e66183492c5b70af3c9e13
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2011E4716003006BD6109A64D884F6BB3DCEBD8335F104B1EFA61D32E1D779EC458729
                                                                                                                                                                                                                        Function 00474827 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00474833
                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 00474846
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                        • Opcode ID: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
                                                                                                                                                                                                                        • Instruction ID: 41c327e25453105c4ca6c880754d33c67e761007402a238c65fd2e715fefe222
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F
                                                                                                                                                                                                                        Function 004647A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: htonsinet_addr
                                                                                                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                                                                                                        • API String ID: 3832099526-2422070025
                                                                                                                                                                                                                        • Opcode ID: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
                                                                                                                                                                                                                        • Instruction ID: e3b5e028fda38c0aed97ec3d425ece65e45bc088e5f3683a6f0e3ee8de0e9224
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F11253620030057DA10EB69C882F9BB394EFC4728F00896BFA105B283D679F45A832E
                                                                                                                                                                                                                        Function 004694DE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                        • API String ID: 455545452-1403004172
                                                                                                                                                                                                                        • Opcode ID: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
                                                                                                                                                                                                                        • Instruction ID: d7878a024921556205560296ec06e6abf53b779169672b4943ab7ad66f70e2c7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2601D6327011106B8600BB299C019AFB39DDBC2370F544A2FF965573D1EA39AC0E476A
                                                                                                                                                                                                                        Function 00442AFE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InternetOpen
                                                                                                                                                                                                                        • String ID: <local>
                                                                                                                                                                                                                        • API String ID: 2038078732-4266983199
                                                                                                                                                                                                                        • Opcode ID: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
                                                                                                                                                                                                                        • Instruction ID: 525aca290fb55aeb65c4bf55ca0deee88c9418ef2a1db54778758d1eb2e06c8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9011A934144751AAF621DF108D86FB77794FB50B01F50480FF9866B2C0D6F4B848C766
                                                                                                                                                                                                                        Function 004695F7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                        • API String ID: 455545452-1403004172
                                                                                                                                                                                                                        • Opcode ID: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
                                                                                                                                                                                                                        • Instruction ID: 486d2595d5a7427da4a9c048e684990a8dc9cac685a8154682435d05c4426571
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A101D87274121027C600BA259C01AEBB39CEB96354F04443BF94597291EA6DED0E43AA
                                                                                                                                                                                                                        Function 0046956F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                        • SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                        • API String ID: 455545452-1403004172
                                                                                                                                                                                                                        • Opcode ID: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
                                                                                                                                                                                                                        • Instruction ID: 72d13aeac174e9c1a3a177398698555a642000804846b33da1492f44d6438514
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D01A77374111067C610BA6A9C01AEB739CABD2364F44443BF94597292EA7DED0E43AA
                                                                                                                                                                                                                        Function 00461774 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                                                                        • String ID: ,$UTF8)
                                                                                                                                                                                                                        • API String ID: 909875538-2632631837
                                                                                                                                                                                                                        • Opcode ID: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
                                                                                                                                                                                                                        • Instruction ID: 35c0b5e4e6bd282640ba12729024cfd3588da47ca1ed1c49f01331a057b7ec9b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7601B575A083805BE720DE20CC85BA773A1AB81319F58492ED8D5872A1F73DD449C75B
                                                                                                                                                                                                                        Function 00461772 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                                                                        • String ID: ,$UTF8)
                                                                                                                                                                                                                        • API String ID: 909875538-2632631837
                                                                                                                                                                                                                        • Opcode ID: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
                                                                                                                                                                                                                        • Instruction ID: b3c6803870d1b21283bf32431af321d4190ac902c568a1d8b2e557ddf245ca97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E01D875A043805BE720DE20CC85B6773A19B4131AF68492FD8D6872A1F73DD449C75B
                                                                                                                                                                                                                        Function 004560AD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
                                                                                                                                                                                                                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004560E9
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MessageSend_mallocwsprintf
                                                                                                                                                                                                                        • String ID: %d/%02d/%02d
                                                                                                                                                                                                                        • API String ID: 1262938277-328681919
                                                                                                                                                                                                                        • Opcode ID: dc5fd9a877cd0fc352ed6de9b5f97ee6fb2dcbb154e3a48ad4a1e49fbb654ae8
                                                                                                                                                                                                                        • Instruction ID: 2a73c44ac592e0fe880a68d863bd42ca8887a008949f121bccc13d44bcf2ebb3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc5fd9a877cd0fc352ed6de9b5f97ee6fb2dcbb154e3a48ad4a1e49fbb654ae8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13F08272744220A7E2105BA5AC01BBFB3D4EB84762F10443BFE44D12C0E66E8455D7BA
                                                                                                                                                                                                                        Function 00442262 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
                                                                                                                                                                                                                          • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                        • Opcode ID: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                                                                                                                                                                        • Instruction ID: f0ed9326d30a696a9ade51716a531e8bd1705000bbe21894ac7a57cb5589152b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71D0A772F8130177E92077706D0FFCB26246F14710F010C3AB305AA1C0D4E8D440C358
                                                                                                                                                                                                                        Function 0044222A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                                                                                                                                                                                                                        • PostMessageW.USER32(00000000), ref: 00442247
                                                                                                                                                                                                                          • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                        • Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                                                                                                                        • Instruction ID: d1e5b9be119239975405e397b0c0efdc35250005003305bf123d4268f2ecb06f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4DD05E72B813013BE92076706D0FF8B26246B14710F010C2AB205AA1C0D4E8A4408358
                                                                                                                                                                                                                        Function 00439514 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                                                                                                                                                                                                                          • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2130530503.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130274074.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130592723.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130618656.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2130654830.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_Invoice & Packing list For Sea Shipment.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message_doexit
                                                                                                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                        • API String ID: 1993061046-4017498283
                                                                                                                                                                                                                        • Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                                                                                                                        • Instruction ID: 5d68346425d2699d55792fe39b85c2381918ba1f955abba655776c5540820644
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82B092343C038627E20437A01C0BF8C28049B64F42F220C2AB308384D259D90080231E